General
-
Target
Payment_advice.exe
-
Size
769KB
-
Sample
220624-q2dd1sfdd9
-
MD5
560d32891531b1b707f3382ae9c56b85
-
SHA1
f18aa28ee289221ca9a6bb67a8be92f4be087994
-
SHA256
6481c836c532a3f055c0239f0459af303c5eda0c95a3f0283bba568b060967e5
-
SHA512
e1f4fae2b4c0d40db1052995cc5d9e86ea85e838492ac42c0762fd6e916eab1f014fb3f17a20a371679f95ab780bca4e7da2b0bb78f779e2c6560206f97a0178
Static task
static1
Behavioral task
behavioral1
Sample
Payment_advice.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.9
v4qp
je1XQKU1LfJPVLk=
nvf41a7FsTLs6uB/g+CR
U7mryF6DctZn6GEjr9Bm4g==
1SONGrPdh7wGEOXp3g==
2xX859r7qOFq7GYkr9Bm4g==
IYtzVUx0Oo0HmZawLQAARDvBf4dL
NH3iuBPNSzZTvpw/4KaG
rDehfiqIPbdMBS8G1g==
xhb2uJ0eBwo7k3djqxh60xoNt4VoeQ==
AFtKux3JgPGRkx3xUsciR6piSg==
m+3VoJadWcBvOAPpzKUNPoAxyplS
1DWKULdka3mxIKhEqGxQr7gxyplS
DGlFGBqWi5CtrCX9alyTuPzq
muvVM4slyTfxORwAZisVksCM78aSEVo=
D3biNgUbyg9E5pl+
/+1QLPssvl/Xxg==
I4lzTjaAcc1iBS8G1g==
wSwc4MmbShojhlZCrniTuPzq
jN5YO6ZXSfJPVLk=
4TUS4+ANuqHCRTM9sniTuPzq
7Ssfd9ru/HPzWMZ42Z+E
TJl+UkzTsY6g86lyegOU3gw=
0juvfNqRgmJwwpc/4KaG
WJuGVDdhQj1Ux5s/4KaG
FHdjPTRtZc1rPwr8zUQfXogxyplS
1yUI9+gAwMPuYMWALzWc+w==
CW1UNSZVQKAlmQep/XYDYGot8HZX30M=
vRqFbt1zJfH304GOeAOU3gw=
P5CIQS65moOingakeAOU3gw=
d9dBqqBI+vgR0Q==
1zElifgR7DjBQhEgnWqTuPzq
Z60BYmHr5eHr4qiedQOU3gw=
HWU4MRo7NYMKvenJppIKPWxeSQ==
e3BN71BTWfJPVLk=
wy7WdMhKC6ZIBS8G1g==
XquYfmaLfMtjMdvi0UJCve3YPQ9/3VBp
KZGA1zHJgWB5XAUCtW5auQQ=
xiMia8hyQfJPVLk=
fs3InobYUU1v
g/FWtqk8QVV2fvykeAOU3gw=
Gk0rieTkzD/cYMxmtQij4wb9
sQ92QpZSTOWOi15IKJWeEYMaENE=
DmfkxD7hjeFXBS8G1g==
AF/WMxGNm+1qwhvu59Ziy96hOpN/3VBp
mPxzMqdFvl/Xxg==
wbYTecjCf2dE5pl+
bM22jGRvLWbm3dd/g+CR
3T4iifwiBwdGDun0r9Bm4g==
hd/Zp4qeQhkDA7I+sXVavwQ=
Y6UNZTVzVVVE5pl+
4V68Jxr1n3hpa/igeQOU3gw=
oxRu5bztvl/Xxg==
IoXeT3nFp316WK0=
LSJ+4y5JmmIN3w==
svtsPL5PAtT1ZVBKmNxkR6piSg==
Tqv+1CqslWNp1Z1v4rzl6xM=
nOjWOqSkigqvKn8jr9Bm4g==
5vNHav9pXUs=
51u5hOzjug9E5pl+
BV3fNCavl2Z69CjsSAHGFiPi
Pov+YD5zJgUUinyAxxhVrb6W7saSEVo=
sfvz0cLqvl/Xxg==
MZ0a3y3CnzpW1DsSU01xouShpVtF
ogaE4dJvYFB76MzDJpoQR6piSg==
erilb.com
Targets
-
-
Target
Payment_advice.exe
-
Size
769KB
-
MD5
560d32891531b1b707f3382ae9c56b85
-
SHA1
f18aa28ee289221ca9a6bb67a8be92f4be087994
-
SHA256
6481c836c532a3f055c0239f0459af303c5eda0c95a3f0283bba568b060967e5
-
SHA512
e1f4fae2b4c0d40db1052995cc5d9e86ea85e838492ac42c0762fd6e916eab1f014fb3f17a20a371679f95ab780bca4e7da2b0bb78f779e2c6560206f97a0178
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Adds policy Run key to start application
-
Modifies file permissions
-
Suspicious use of SetThreadContext
-