General
-
Target
HTK TT600202109300860048866 Payment Proof.pdf.exe
-
Size
461KB
-
Sample
211021-pkcwgsacd6
-
MD5
f12bf73a1cb81b5ddd8dd6ed66e610f1
-
SHA1
cb8b0497c95512bf9233823f7d20937424c87207
-
SHA256
6446736e3662120e1fe4c3518bc8e6d14553f6b0b27aaf1fc5676e1f73a50c33
-
SHA512
385c4de5deca014f7486f802efc9a305e2bd2c457a21b63f66bf6f3caef1acee6537f32c7cd4690ee0378939dfad4444abb832c31fb5b5cfcb5bf7ae86715bad
Static task
static1
Behavioral task
behavioral1
Sample
HTK TT600202109300860048866 Payment Proof.pdf.exe
Resource
win7-ja-20211014
Behavioral task
behavioral2
Sample
HTK TT600202109300860048866 Payment Proof.pdf.exe
Resource
win7-en-20210920
Behavioral task
behavioral3
Sample
HTK TT600202109300860048866 Payment Proof.pdf.exe
Resource
win7-de-20211014
Behavioral task
behavioral4
Sample
HTK TT600202109300860048866 Payment Proof.pdf.exe
Resource
win11
Behavioral task
behavioral5
Sample
HTK TT600202109300860048866 Payment Proof.pdf.exe
Resource
win10-ja-20211014
Behavioral task
behavioral6
Sample
HTK TT600202109300860048866 Payment Proof.pdf.exe
Resource
win10-en-20210920
Malware Config
Extracted
xloader
2.5
euzn
http://www.heser.net/euzn/
235296tyc.com
gold12guide.art
baibuaherb.com
weberwines.tax
chezvitoria.com
aidenb.tech
pitchdeckservice.com
surgeryforfdf.xyz
workunvaccinated.com
hrtaro.com
yourotcs.com
sonimultispecialityclinic.com
consultantadvisors.com
pentesting-consulting.com
dantechs.digital
longshifa.online
taweilai.net
imyusuke.com
cashndashfinancial.com
fasiglimt.quest
jakital.com
graywolfdesign.com
pepeavatar.com
predixlogisticscourier.com
football-transfer-news.pro
herbalmedication.xyz
esd66.com
janesgalant.quest
abcrefreshments.com
chaoxy.com
rediscoveringyouhealing.com
mcrjadr5.xyz
n4sins.com
faithful-presence.com
013yu.xyz
isystemslanka.com
newbeautydk.com
ethiopia-info.com
hgaffiliates.net
anodynemedicalmassage.com
esohgroup.com
clinicamonicabarros.com
rafathecook.com
londonescort.xyz
dreamites.com
webtiyan.com
cnnautorepair.com
soposhshop.com
aarohaninsight2021.com
arceprojects.com
mecasso.store
mirai-energy.com
barwg.com
angeescollections-shop.com
xinlishiqiaoqiao.xyz
linuxsauce.net
dirbn.com
anandiaper.xyz
blackpanther.online
livinwoodbridgefarms.com
diepraxiskommunikation.com
radiosaptshahid.com
gofieldtest.com
minxtales.com
Targets
-
-
Target
HTK TT600202109300860048866 Payment Proof.pdf.exe
-
Size
461KB
-
MD5
f12bf73a1cb81b5ddd8dd6ed66e610f1
-
SHA1
cb8b0497c95512bf9233823f7d20937424c87207
-
SHA256
6446736e3662120e1fe4c3518bc8e6d14553f6b0b27aaf1fc5676e1f73a50c33
-
SHA512
385c4de5deca014f7486f802efc9a305e2bd2c457a21b63f66bf6f3caef1acee6537f32c7cd4690ee0378939dfad4444abb832c31fb5b5cfcb5bf7ae86715bad
-
Registers COM server for autorun
-
Xloader Payload
-
Adds policy Run key to start application
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Sets service image path in registry
-
Deletes itself
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-