General
Target: PAYMENT ADVICE.exe
Size: 502KB
Sample: 210903-trx78agehj
MD5: 568af775c70dc6789e84a95a7b9cbd0b
SHA1: 87458784e0b2a171dbef7b5c94c85a5d94596cdf
SHA256: ecbd46c265b67d75964db9233ccd1f26710d56ab7f649845e44f59d55db4251b
SHA512: 91d9683cd6d1bbfad866edc74c84572cd1e22b85c378137faa3ded17add5647756970ec797668629bbb8e16433a200b5d0dee8ce5e8e1bd51630fd742923cdd4

Static task: static1
Behavioral task: behavioral1
Sample: PAYMENT ADVICE.exe
Resource: win7-en
Malware Config
Extracted: xloader
Version: 2.3
Campaign: bp39
C2: http://www.piadineriae45.com/bp39/
Domains:
glembos.com
adjud.net
beautifyoils.com
chilewiki.com
duxingzi.com
happygromedia.com
restpostenboerse.com
vowsweddingofficiants.com
ladingjiwa.xyz
keepmakingefforts-001.com
yeniao.net
eyildirmaz.com
sayanghae.com
promoteboost.com
lzft.net
proudindiacompany.com
birchwoodmeridianlink.com
mesinionisasi.com
wwwrigalinks.com
wewearthepants.com
showtimerisingstarz.com
conheonet.club
bigdogshirlfox.com
xn--ehqw60f1ex.club
redmondgrowth-usa.com
myfcmtestsite.com
dreamersclubstudios.com
bulukx.com
netdetameruweb.xyz
djibnb.com
malikakids.com
11298.xyz
shuanglinsm.com
blackliontv.com
louiskochins.com
successfullsolutionworks.com
myrcmall.com
letsplayandgo.com
history-at-home.com
twentyfour4academy.com
immersebyacfw.com
grazestyle.com
asuatlalumni.com
akmh.pro
oldsportapparel.com
alphaprimfi.com
qgrandcafe.com
draggonlng.com
publish.mobi
myuhcvisioni.com
susanpatersonwriter.com
1033308.com
vaca.travel
djmarieco.com
realiszt.com
am-evestment-training.com
plaguelanguage.com
kcpinvest.com
wedilivervc.com
stopneuralink.com
alyvmarli.com
disseminacao.com
testaker.com
officee65.com
Targets
Target: PAYMENT ADVICE.exe
Size: 502KB
MD5: 568af775c70dc6789e84a95a7b9cbd0b
SHA1: 87458784e0b2a171dbef7b5c94c85a5d94596cdf
SHA256: ecbd46c265b67d75964db9233ccd1f26710d56ab7f649845e44f59d55db4251b
SHA512: 91d9683cd6d1bbfad866edc74c84572cd1e22b85c378137faa3ded17add5647756970ec797668629bbb8e16433a200b5d0dee8ce5e8e1bd51630fd742923cdd4

- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext