General

Target: Payment Advice.gz.exe
Size: 370KB
Sample: 220119-pjxjhahffp
MD5: 5cda0b468d4136fb19e1f79c258acbb9
SHA1: 0cb7a1174cf5d5a7089c8ed585c5e670974b9048
SHA256: fa5511f4b07ca39be9b04bee49a2b103cf827a207d316d4d41bad9cede43c9bc
SHA512: e05c563a4caf8aa1def8febbe0042cd97b8b08ff2c6a69215610b321fb77132f6f9f6d804cba0d2cc060e7d81789d379475b03b107087555f717809f51784f44
Tasks

Static task: static1
Behavioral task: behavioral1
    Sample: Payment Advice.gz.exe
    Resource: win7-en-20211208
Behavioral task: behavioral2
    Sample: Payment Advice.gz.exe
    Resource: win10v2004-en-20220113
Malware Config (extracted)

Family: xloader
Version: 2.5
Campaign ID: be4o
Domains (the extracted xloader config lists decoy domains alongside the real C2 without distinguishing them):
    neonewway.club
    kuanghong.club
    7bkj.com
    ooo-club.com
    kamchatka-agency.com
    sjsndtvitzru.mobi
    noireimpactcollective.net
    justbe-event.com
    easypeasy.community
    southcoast.glass
    janhenningsen.com
    jmxyjj.com
    tarihibilet.com
    nagradi7.com
    percentrostered.net
    certvaxid.com
    kingseafoodsydney.com
    blacksheepwalk.com
    waktuk.com
    inteligenciaenrefrigeracion.com
    marvinhull.com
    fikretbayrakdar.com
    rsxrsh.com
    vastukalabid.com
    belindahulett.com
    aibet888.club
    icarus-groupe.com
    vendasdigitaisonline.com
    fairytalepageants.com
    imaginativeprint.com
    quanqiu55555.com
    owensigns.com
    kaikkistore.com
    dreamintelligent.com
    piqqekqqbpjpajbzvvfqapwr.store
    mariachinuevozacatecas24-7.com
    glenndcp.com
    vaughnediting.com
    10dian-3.com
    buresdx.com
    itservon.com
    buyingusedfurniture.com
    elektropanjur.com
    logotzo.com
    eaglesaviationexperience.com
    antoniopasciuti.com
    personas1web.com
    hvbatterystore.com
    ksustudyabroad.com
    4huav946.com
    gojajix.xyz
    kennycheng.tech
    traditionnevertrend.com
    mytrainermatrix.online
    basculasperu.com
    eljkj.com
    teleconstructiongroup.com
    28682df.com
    altimiravet.com
    worldplantaward.com
    mydxza.com
    josiemaran-supernatural.com
    brainymortgage.info
    diffamr.net
    istemnetwork.com
Targets

Target: Payment Advice.gz.exe
Size: 370KB
Hashes: as listed under General (MD5 5cda0b468d4136fb19e1f79c258acbb9, SHA256 fa5511f4b07ca39be9b04bee49a2b103cf827a207d316d4d41bad9cede43c9bc)

Network detections:
    suricata: ET MALWARE FormBook CnC Checkin (GET)
    suricata: ET MALWARE FormBook CnC Checkin (GET)

Signatures:
    Xloader Payload
    Suspicious use of SetThreadContext