General
Target: payment advice_29011021.exe
Size: 292KB
Sample: 211129-gs7rtsefc2
MD5: 9fd9757825549183fb53a8a7cbd0a11b
SHA1: 3d24fae431c8c37b50fc0c8f6ca95af1ae19ce9e
SHA256: 237b6ac1943742314565dfdcc34a5c17f475462ae4399a9a9765bbbd6c679c99
SHA512: b0c762e6393b883925368b520087618082e8e8cdb0885b888a5a787ce5525bd89e7b8799486013cceb84460e3bd793d4a4e415288334fdf62a8b52397aef7222
Static task: static1
Behavioral task: behavioral1
Sample: payment advice_29011021.exe
Resource: win7-en-20211104
Malware Config
Extracted
xloader
2.5
e8ia
http://www.helpfromjames.com/e8ia/
Targets
Target: payment advice_29011021.exe (same file and hashes as listed under General above)
Xloader Payload
Blocklisted process makes network request
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery (2): System Information Discovery
Execution (1): Command-Line Interface
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation