General
Target: RFQ 견적요청_해성190918.exe
Size: 467KB
Sample: 210412-9mh4lj85lx
MD5: cd70300691bc9f2a261dc6b814ea31a0
SHA1: 255a24ace53039f262cc74bcda27541a4c3eeaaf
SHA256: 5b578a81fa5276232529484ff00db9fca64a7879ab4a7abc652c9d0d3e1461ba
SHA512: f3c86b554d45f0d0cc67be9ed25025411d47ed513fb0f72978e952c2fcbf20357ee55f1754dc7961afd1e0fc07149dfd38709c0205ad50fccdf7fdf97de981a5
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ 견적요청_해성190918.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: RFQ 견적요청_해성190918.exe
  Resource: win10v20201028
Malware Config
Extracted: xloader 2.3
C2: http://www.mappmake.com/hrqs/
Targets
Target: RFQ 견적요청_해성190918.exe
Score: 10/10
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Suspicious use of SetThreadContext