General
-
Target
Payment Confirmation.exe
-
Size
867KB
-
Sample
210823-clepxkhlqn
-
MD5
fbc0a38898145f58ec52b75a6a0d4f58
-
SHA1
0e1b7baa19c708aada04ebe148575996eb5ee7cb
-
SHA256
7e99dc28bcc8be32fb1477bc6b67da52d67195e1e9ebc9612118a9e180675af7
-
SHA512
19dc73d78176cae92fa3e6223107a965e72cd54b26ce69cb47b4bc696e67afae4d9a35a927cd75d7df583bf062b5fa129c7d49bf3e565e26167633c91085107a
Static task
static1
Behavioral task
behavioral1
Sample
Payment Confirmation.exe
Resource
win7v20210410
Malware Config
Extracted
xloader
2.3
ubqk
http://www.fireescapebk.com/ubqk/
thewanderers.info
nowthinasten.com
salesnewage.com
fzgjx.club
transformationcamp.net
thewaltongroup30a.com
bitdoubler.info
elveronac.com
tabupolitico.com
thecureisweed.com
collegesupermatch.com
bbluedotpanowd.com
joakimrexperience.com
philorise.com
beelippy.com
glitchedcode.com
northwoodsremodeling.com
healrrr.com
precisadiagnostics.com
1crude.com
rbwfitness.com
corretoreduardo.online
qmcp00099.com
djangow.com
fufumail.com
tytywh.com
justadmirers.com
airodynamiks.com
galaxyinsurancequotes.com
lotis.group
mattarelloly.xyz
captain-earth.com
toughmatic.com
coffeelicious247.com
anchorbaymotors.com
ilovepretoria.com
nizacarssuppliers.com
defieloan.com
logansportfinance.com
lowlands-league.com
beautifulyoucardsandgifts.com
windlandseastseniorliving.com
bopocoko.com
tommystic.com
drsapfa.com
picksay.space
psd4arb.com
micomputador.com
moytown.com
ameriwhiz.com
field-trk-zone.com
accinf04.com
ecsoiam.com
tumblewedia.com
boxhubliving.com
mauritiuscoin.com
blun33.com
grollere.pro
ittasteslikecheating.com
stylishsweatpants.com
liubangpay.com
aoc20.com
pgatkur.com
simplio.global
Targets
-
-
Target
Payment Confirmation.exe
-
Size
867KB
-
MD5
fbc0a38898145f58ec52b75a6a0d4f58
-
SHA1
0e1b7baa19c708aada04ebe148575996eb5ee7cb
-
SHA256
7e99dc28bcc8be32fb1477bc6b67da52d67195e1e9ebc9612118a9e180675af7
-
SHA512
19dc73d78176cae92fa3e6223107a965e72cd54b26ce69cb47b4bc696e67afae4d9a35a927cd75d7df583bf062b5fa129c7d49bf3e565e26167633c91085107a
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-