General
- Target: payment.zip
- Size: 181KB
- Sample: 210907-2n4jtsgehp
- MD5: 50dbefd8a45b344dc927e40c3e0cc3ba
- SHA1: 7a7be7f4acb4776e8701b1041f08a9a99ee9bc99
- SHA256: d8742da7f0ad03dcb96a236952ec9d813789cfca74258cb12a4d4ddfed99447b
- SHA512: fcb0e2bf27ac9fed50d26b06e25a168c6d9d16f2576b96653d70617769b05dd97a2d8546d2b88308bb7d8e115145d550ba23373961483367aafa456644985010
- Static task: static1
- Behavioral task: behavioral1
- Sample: payment.js
- Resource: win7-en
Malware Config
Extracted
xloader
2.3
n64d
http://www.bughtmisly.com/n64d/
Targets
- Target: payment.js
- Size: 317KB
- MD5: 11ffb135f770756723dc7de03b21bdee
- SHA1: bcaed5653b5beae1abc9709672cbb35e06b65a29
- SHA256: 2c667eeb4b7c3842d866f6182ef1a347ff53b1f7c414ccdf199fcb66514b2f9f
- SHA512: 5acb75cc09eeb2f9a04fa9c214387dfb7deecaa560f58c5e47e38377e02584a94316260e343529e2dfa7a3114fe9da492aa2e51f43dc6459deab8ab13f8b0bd7
suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext