General
Target: Payment_Authorization Issue_swift MT105TT.rar
Size: 376KB
Sample: 211122-q6zg2sffcj
MD5: e74a40a1b74b85e91c55432db9f32eea
SHA1: 257977721b457b92819b2f20dcd1d2978a73255e
SHA256: 2386acaa004ee3be0654ddb8d1fb1966d004b2f23f4a428149a73e4f92ed9415
SHA512: a99afc36143b2600664591700dd3d0b7cbfeda9f75788d906d1d9fd42b18fa50ebb93f275e349fe022456b7ba3270a8e502a54061289ab876083f6d4823fb150
Static task: static1
Behavioral task: behavioral1
Sample: Payment_Authorization Issue_swift MT105TT.exe
Resource: win7-en-20211104
Malware Config
Extracted
xloader
2.5
46uq
http://www.liberia-infos.net/46uq/
beardeddentguy.com
envirobombs.com
mintbox.pro
xiangpusun.com
pyjama-france.com
mendocinocountylive.com
innovativepropsolutions.com
hpsaddlerock.com
qrmaindonesia.com
liphelp.com
archaeaenergy.info
18446744073709551615.com
littlecreekacresri.com
elderlycareacademy.com
drshivanieyecare.com
ashibumi.com
stevenalexandergolf.com
adoratv.net
visitnewrichmond.com
fxbvanpool.com
aarondecker.online
environmentalkivul.com
cardsncrepes.com
hopdongdientu-viettel.com
thebroughtguarantee.com
howtofindahotniche.com
1678600.win
pityana.com
akconsultoria.com
markazkreasindo.com
ronniecapitol.com
tailsontour.com
abros88.com
laboratoriodentaltj.com
fuckingmom86.xyz
5pz59.com
centralmadu.com
ispecwar.com
otetransportanddispatching.com
cartaovirtual.net
hsadmin.xyz
xn--12c2bed4dxay5cxdh1s.online
oki-net.com
scenekidfancams.com
preciousmugs.com
754711.com
helpigservices.com
blueharepress.com
xmshzs.com
lovelycharlestonhomes.com
wamhsh.com
burlesquercize.com
oppoexch.com
ditjai.tech
the-hausd-group.com
loosebland.website
syntheticloot.net
gzfusco.com
www-by.com
farraztravel.com
beheld3d.art
douyababy.space
elcuerpohumano.xyz
3soap.com
Targets
Target: Payment_Authorization Issue_swift MT105TT.exe
Size: 459KB
MD5: e33471aca4f7ba9761cfbf41b091c9da
SHA1: a3b8444a7367eec1b5fe10f11d653b29a27c3b73
SHA256: c36c4e9b60d516ae00051b635624267123056adbbd874b7b9f67920dcb71aada
SHA512: ce8b9cf90ecbd781c7d3c75aa7694d75e2c6a4c49570de3f67b161cd64a21ac59d65228336be7a98fbfc7d0ad41b94aebb1dacb9fad88f00c1507503fcb3a790
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Blocklisted process makes network request
Suspicious use of SetThreadContext