General
Target: SWIFT payment.daa
Size: 34KB
Sample: 210909-djd7dafdg3
MD5: efadfc4a0c3d7996361eccd6ae6334a2
SHA1: e522032627242b7d32311129c7fa79969b3fdd90
SHA256: 5f48638bceeaf61f0ce94b675b3917813fed0bbf6f6f491aadb478a3551b536a
SHA512: aa83af820a5e9dc181d0ce8d130c327b87300ee5e2ab5c01a490d94a520dd65fb8853e481bf09069e1ec48e61c79ac3068972b8f3eab52451da2695f1e278897
Static task: static1
Behavioral task: behavioral1
Sample: SWIFT payment.exe
Resource: win7-en
Malware Config
Extracted
xloader
2.3
di4c
http://www.thatangrywhiteguy.com/di4c/
Targets
Target: SWIFT payment.exe
Size: 96KB
MD5: 03f2693b86d9cd7564903e15f5e8979f
SHA1: 5e4bf20543123c2d6e66b901e9a267a37a50d5a9
SHA256: f1f6f1952ea49d853b435f20f21dfa86e4a190547aabcddd80d3fad59a8664aa
SHA512: 3bcd317c78eb101dc9e0d139b773ee6c976b16dc23b6af553bd0eeac98c0d8c503e71cdc6cda23c2f136093487f9bbfe94dab80de7a05bcb24e8dac89ecb16d8
- Xloader Payload
- Adds policy Run key to start application
- Executes dropped EXE
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext