General
Target: Incorrect_Payment Details MT144_SWIFT.exe
Size: 697KB
Sample: 211123-lss1wshgam
MD5: 43b84b4cee50af49202838edc9c78b19
SHA1: 93f2d1a80d8e9efd0fe77264d502636277af1b2a
SHA256: 503fc3a0db4f69416153b122ee36cc8bcf16738b1bc192f6d20462b28bb640f7
SHA512: 6024d9aebd13d05301112bad45b9656898aed9a02cef4f212a37f1428ce94c7e24c907e3ce12a7d79cdd8eb0a3ff664568fb7299b39e9e0ccf2b95efcb115ded
Static task: static1
Behavioral task: behavioral1
Sample: Incorrect_Payment Details MT144_SWIFT.exe
Resource: win7-en-20211014
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: 46uq
C2 URL: http://www.jixelbbk.com/46uq/
Other domains from the extracted config:
spiritueleonlinetraining.online
jrpz86.com
dataxmart.com
zeogg.club
killiandooley.com
159studios.com
clginter.com
greenwirechicago.com
kennycheng.tech
carolyngracecoaching.com
cp-altodelamuela.com
amazonflowerjewelry.com
anseron.net
surplusqlxbjy.online
asasal.com
online-buy-now.com
kolab.today
statisticsacademy.com
dcupqiu.club
braxtynmi.xyz
bcw.today
stilteruimtes.online
etihadit.com
xihoatuoi.com
fetch-an-us-borrow-money.zone
yooliaphotography.com
ooaz2.xyz
ssss.host
impossiblegrow.com
neilserver.website
renewable-energy-products.com
daywestskincare.com
esmexport.com
carrofrance.com
xiaoxiaodao.club
sterlingmktg.com
txcyclerepair.com
embas.online
interpol-inter.com
piaohua66.com
jollyprime.com
urbanphonecase.com
parareda.net
bursadavarbursadanal.com
emresonfry.com
sharkfangs.com
beepboople.com
ordenmorgi.quest
bdqimeng666.top
workforma.com
vintageknollsapartments.com
alienguise.com
id-923783.space
scj-bos.com
polebear.website
pharmacyle.com
viridishelf.com
abros88.com
ocdpsych.com
gulfandinlandlimited.com
turkishqlxmpw.online
suddennnnnnnnnnnn14.xyz
copyshopetc.net
cursos24-7.online
Targets
Target: Incorrect_Payment Details MT144_SWIFT.exe
Size: 697KB
MD5: 43b84b4cee50af49202838edc9c78b19
SHA1: 93f2d1a80d8e9efd0fe77264d502636277af1b2a
SHA256: 503fc3a0db4f69416153b122ee36cc8bcf16738b1bc192f6d20462b28bb640f7
SHA512: 6024d9aebd13d05301112bad45b9656898aed9a02cef4f212a37f1428ce94c7e24c907e3ce12a7d79cdd8eb0a3ff664568fb7299b39e9e0ccf2b95efcb115ded
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext