General
-
Target
payment advice_16000.exe
-
Size
254KB
-
Sample
211026-qcm7xshed3
-
MD5
a1c481bb9474e04781840009a3c10664
-
SHA1
c432b71a2f493e7c7a120d42d41bf7e4de2053f8
-
SHA256
68aba64ef9b4e5af747005ea8efdd213a80e86e45e9b4f480a54af016e3c6c95
-
SHA512
831053501f491e71664ef594394772f18a5197989c4b4dd625572efa5e508a27ef6d3469a94fad64b7c2dee44904400cd9173edaf1fa5049b21e952bf4903f68
Static task
static1
Behavioral task
behavioral1
Sample
payment advice_16000.exe
Resource
win7-en-20211014
Malware Config
Extracted
xloader
2.5
d6pu
http://www.bonitaspringshomesearch.com/d6pu/
ifixcreditatl.com
productgeekout.com
electricvehicle-insurance.com
kuiper.business
cloudenglabs.com
gorbepari.com
collecthappy.com
amykrussell.store
clubhousebusinesscourse.com
aplussinifiklima.com
slewis.design
atticwitt.com
galenota.com
griphook.xyz
gsjbd1.club
bootystrapfitness.com
emflawrhks.com
alternativedata.investments
eyehealthtnpasumo3.xyz
naturanzaec.com
vinotrentino.info
thisevent.com
joaopedroeviviane.com
fructuosopascualehijos.net
nftokenartwork.com
gymzara.com
erwan-gueldy-transexual.net
enjoyjourneys.com
sanguinejewellery.com
xxxafricain.com
besrbee.com
kefirusa.com
dualdrivesystem.com
brixbol.com
cor-pt.com
myrhannover.com
entospt.com
slabiesplin.quest
rebuildablecarsonline.com
gangom.com
msulthony.tech
thesmithyvan.com
dharma33.com
rjm226.com
yourbestproduct.com
hyderabadmotorclub.com
karlitomarx.com
sunflowerediting.com
seangreenphotography.com
vikramsparmar.com
roguelakegames.com
globaltechmeet.com
wmr.agency
buksi.biz
ratnagirikosh.com
charleskinzel.com
dunavulkan.quest
diffamr.net
ceveye.com
ss0235.com
7u2mjf.com
getavan.net
thinkcentury.net
diasporahealthfoundation.com
Targets
-
-
Target
payment advice_16000.exe
-
Size
254KB
-
MD5
a1c481bb9474e04781840009a3c10664
-
SHA1
c432b71a2f493e7c7a120d42d41bf7e4de2053f8
-
SHA256
68aba64ef9b4e5af747005ea8efdd213a80e86e45e9b4f480a54af016e3c6c95
-
SHA512
831053501f491e71664ef594394772f18a5197989c4b4dd625572efa5e508a27ef6d3469a94fad64b7c2dee44904400cd9173edaf1fa5049b21e952bf4903f68
-
Xloader Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-