05062024_1650_04062024_PAYMENT[.]tar | Triage

Sharing

General

Target

05062024_1650_04062024_PAYMENT.tar
Size

677KB
MD5

ca7ace330ff3ab447070069e982b97cd
SHA1

52bfe9027828d7767f77c2775e28f0ad3c8e9543
SHA256

bc56a68f9f0eb0b52616b59bb4050aededc7ce84b756306d5b85a1dd0c3e51ba
SHA512

8d43c3760b90045a5100e989a881c4c2a6bc197bf6e11363ce8da5a23ddd473aa604f8c8203ddfc5bef9e28d728d13673480edd61912aa968ba13877273c27e9
SSDEEP

12288:XvB6c1X2uYCDQq6pJdh89b3BdIzPXxouafGpJcPJXKy0Gpy0Mlj5osBDW:Xs7ud6Rh4/aiVfG7ByVpGdW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PAYMENT/PAYMENT.exe

Files

05062024_1650_04062024_PAYMENT.tar
.rar

Password: infected
PAYMENT/PAYMENT.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

INNh.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 716KB - Virtual size: 715KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ