General
-
Target
Invoice remittance 52286.js
-
Size
317KB
-
Sample
210902-5cy7q2njf2
-
MD5
c0fd4d06d9d01680a307ffcf75355352
-
SHA1
2daeb72092e39bcf668815ab472c6010436f5e47
-
SHA256
e3f3d8e11b4dcac7bc9f7ba3e88659ecfabe9e03b42c9728ff01d1ee73ba0261
-
SHA512
0ee84815dd36fb7ffbe5d07427fb0c2849795b50be115fa92b813ba823f8c7d4a2031f1d2c70ccd02cb148fe3106e0a8dc5d804162de0007fa7155b92e984f74
Static task
static1
Behavioral task
behavioral1
Sample
Invoice remittance 52286.js
Resource
win7-en
Malware Config
Extracted
xloader
2.3
n64d
http://www.bughtmisly.com/n64d/
Targets
-
Target
Invoice remittance 52286.js
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-