General

  • Target

    payment98402.exe_pw_infected.zip

  • Size

    485KB

  • MD5

    28c323d39428df38a71502a64ce547ef

  • SHA1

    2e53adc79f104dd3a0ff4634283b8f4a90ea821c

  • SHA256

    b76730b39b05e14a80a48c8e4e008df21e59950b9cb47592fb3b1e88c25e746a

  • SHA512

    d815ccd89ff656b07448f247a853f0862f3cae3c593ad0b10da1086dd01922bc34d58f645c9e3e342d1eb3f11461cfc84e1e65f190ca776755accc0a40f6270b

  • SSDEEP

    12288:WV+JKlea1vfm5wyiscqxCGLi4gG7Ji65zGrczKK:TKlea1vfm5w3v1H4HigKK

Score
3/10

Malware Config

Signatures

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • payment98402.exe_pw_infected.zip
    .zip

    Password: infected

  • 0x0006000000018714-24
    .exe windows:4 windows x86 arch:x86

    Password: infected

    3abe302b6d9a1256e6a915429af4ffd2



  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    46f8b6973f33717335c0f6d8087de67b



  • Achomawi/Kirundi145/Underpricing/ekstremismers/Eksekveringers.Woo
    .ps1
  • Achomawi/Kirundi145/Underpricing/ekstremismers/Gteskaberne.tal
  • Udskydelsens/Taktlseres/Sardines/Subpectinate/Rekylgevrets119.pah
  • Udskydelsens/Taktlseres/Sardines/Subpectinate/cytoglobin.txt