General
- Target: PAIEMENT1.zip
- Size: 304KB
- Sample: 211110-nc2dfaghc9
- MD5: 45a2cc28f8b1d455e867b376c57cad79
- SHA1: 831dd28eef758e1dbc56bd68a43bb6d2e6496878
- SHA256: 5f3775f376c0ba2a894657f291b45e3d9a0a9ecd6a93162141dda0b9e9bc6e04
- SHA512: ae081214366ff325dcb45edb348fcbde72bfab18fd6cc38c649e0f9364e6d12d5dd6d5b05aca73b3e7d4a1f6803cb2663637a57807d614c41400009d3878214f
Static task: static1
Behavioral task: behavioral1
- Sample: PAIEMENT1.exe
- Resource: win7-en-20211104
Malware Config
Extracted
xloader
2.5
u9xn
http://www.crisisinterventionadvocates.com/u9xn/
lifeguardingcoursenearme.com
bolsaspapelcdmx.com
parsleypkllqu.xyz
68134.online
shopthatlookboutique.com
canlibahisportal.com
oligopoly.city
srchwithus.online
151motors.com
17yue.info
auntmarysnj.com
hanansalman.com
heyunshangcheng.info
doorslamersplus.com
sfcn-dng.com
highvizpeople.com
seoexpertinbangladesh.com
christinegagnonjewellery.com
artifactorie.biz
mre3.net
webbyteanalysis.online
medicmir.store
shdxh.com
salvationshippingsecurity.com
michita.xyz
itskosi.com
aligncoachingconsulting.com
cryptorickclub.art
cyliamartisbackup.com
ttemola.com
mujeresenfarmalatam.com
mykombuchafactory.com
irasutoya-ryou.com
envtmyouliqy.mobi
expert-rse.com
oddanimalsink.com
piezoelectricenergy.com
itservices-india.com
wintwiin.com
umgaleloacademy.com
everythangbutwhite.com
ishhs.xyz
brandsofcannabis.com
sculptingstones.com
hilldetailingllc.com
stone-project.net
rbrituelbeaute.com
atzoom.store
pronogtiki.store
baybeg.com
b148tlrfee9evtvorgm5947.com
msjanej.com
western-overseas.info
sharpecommunications.com
atlantahomesforcarguys.com
neosudo.com
blulacedefense.com
profilecolombia.com
blacksaltspain.com
sejiw3.xyz
saint444.com
getoken.net
joycegsy.com
fezora.xyz
Targets
- Target: PAIEMENT1.exe
- Size: 424KB
- MD5: 4a40bc732ce463e10ae463ee7b890242
- SHA1: 090fea71d8bc7abe48ea0d36d91a38ecf49f83d8
- SHA256: 1ac69ae85debbb73ec8b2bc1252374eb717b757b61819a012a8eedbac1148cd5
- SHA512: d0efc801cb42571030a7e4381004eb1f1e3ee2c560726d1be48b8e17c23a5a5604a2e6e142b7354219957bd37cdb2e5eb5d1c1d5748018d88e5733594e4435df
- Xloader Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext