General
-
Target
Quotation.exe
-
Size
1.1MB
-
Sample
210624-ckw89cs8pa
-
MD5
5caf99a5eb3975b435161de0b401b1b5
-
SHA1
271249f641ecbcd5f17b21cd8500b78acb05b5d1
-
SHA256
574d7449e38aa78b8c46331df27b3c429feb34e16e2ae36fdf9516af6c793754
-
SHA512
b7dc01123ad31dbaafbc9aa62eb600356c70dcf71240ad1503e95ada96e198bfddebae68d280d498d15d7fab0cf26f182662a60d1216db9cc4a39adccd8bd754
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.exe
Resource
win7v20210410
Malware Config
Extracted
xloader
2.3
http://www.generalplex.com/pz9b/
gochili.info
cyberdatadefence.com
payonbux.com
candiceswanepoelbrasil.com
mykaoa.com
tanabe-kanagu.com
dovetailgoodlife.xyz
alabasterautomotive.com
tajc.club
authwdqtsi6sojynof9gmazon.com
cookingguides.net
yah360.com
berriq.com
freetoreview.online
yachtsgoneonline.com
clothestokidsri.com
howtogetstartedwithfba.com
simplepartyplanning.com
sunrisekai.com
wealthfarmer.net
indumaqservicios.com
sanookna.com
stgg.net
resultrun.info
dynamismedical.com
katfacecosmetics.com
wjlzbc.com
madebymygypsysoul.com
belpair.net
aktamusic.com
generationathletic.fitness
artandscience.info
timbisoaps.com
foursonsltd.com
komitmenindonesiasejahtera.com
buildingbusinessonline.net
nativeiso.com
sagalocal.icu
deepcombine.com
conecationsystemss.net
airtech-engineers.com
rjccollectibles.com
haegrumfood.com
brunchtimes.com
beautifulbodyz.com
vidaifriend.com
blinbins.com
cvnsm2020.com
thompsonwebmanagement.com
xn--lichthlzer-jcb.com
tyrellsaintvil.com
charismaadvice.com
webshopfront.com
creativesoulsclubs.com
schul-service.com
maridaniellecontreras.com
thefreelancerzone.com
1000-help4.club
thecookiechicktx.com
mutschein.com
balveny.com
sorteesportiva.bet
adamsandfane.com
ashleyjordanoutlaws.com
Targets
-
-
Target
Quotation.exe
-
Size
1.1MB
-
MD5
5caf99a5eb3975b435161de0b401b1b5
-
SHA1
271249f641ecbcd5f17b21cd8500b78acb05b5d1
-
SHA256
574d7449e38aa78b8c46331df27b3c429feb34e16e2ae36fdf9516af6c793754
-
SHA512
b7dc01123ad31dbaafbc9aa62eb600356c70dcf71240ad1503e95ada96e198bfddebae68d280d498d15d7fab0cf26f182662a60d1216db9cc4a39adccd8bd754
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-