General

- Target: REQUEST FOR QUOTATION.exe
- Size: 90KB
- Sample: 210727-pgnxbtpr3s
- MD5: 189b59d65940724d3febd8763d929c27
- SHA1: e2981f344bb3f8ce214a609932bbc1525ffe6609
- SHA256: ccaefd526c1b30f67694ea01efb7bd5c794859ae01c68001a3d92e3d1dced67f
- SHA512: a46fe00332a847ead550c7d7a35980a6ccf1432a5d00035941dd2407a9b00660fc36ee149166fd7d69ef873321935f8c9b3be144bd0926921cefc535b4b1616e

Static task: static1

Behavioral task: behavioral1
- Sample: REQUEST FOR QUOTATION.exe
- Resource: win7v20210410

Malware Config

Extracted
- Family: xloader
- Version: 2.3
- URL: http://www.lovecarder.com/enmm/
- Domains:
  - westcorinnewater.com
  - secretosdebolsa.com
  - carolineeyguthrie.com
  - fuzion.events
  - reatour.com
  - alertfirerescue.com
  - gd-dw.com
  - christian-glass.com
  - herbandflour.com
  - ttingjab.com
  - xn--gmq18di80c2lb.com
  - usabilitykitchen.com
  - liverpoolbeautyco.com
  - yyb.one
  - egeemlak.net
  - news-crunch.com
  - johneflix.com
  - lionlegalsolutions.com
  - doikatsuman.net
  - cyberlegalofficer.com
  - carlinjacob.com
  - viiokey.com
  - lajm365.com
  - behind-the-pink-door.com
  - 33cobblestone.com
  - merdoryinternational.com
  - caraccidentslawyernearme.com
  - advantagewow.com
  - ndblife.com
  - kingdom-kutz.com
  - sportizza.com
  - castellhotelec.com
  - saintroleplay.com
  - urbanaffirmation-active.com
  - formaciondixital.com
  - superocr.com
  - equipmentmarketexchange.com
  - westherrcars.com
  - kinstabilling.com
  - loyallane.com
  - ntxfalcons.com
  - capexc.com
  - fantasticmoment.com
  - ambassea.com
  - roofs2gousa.com
  - abrosnm3.com
  - kylecandoit.com
  - sfdema.com
  - sinmobile.com
  - alittleforkedup.com
  - cordeliapiano.com
  - theorchardrealestate.com
  - vrindaarticles.com
  - onesave.club
  - fedcoach.info
  - swavedon.com
  - disordered.media
  - pepsngo.net
  - feeltel.com
  - idowasd.com
  - 8zx4p2kfxx965.net
  - celfcentrodeformacao.com
  - xxq238.com
  - 188ciervo.com
Targets

- Target: REQUEST FOR QUOTATION.exe
- Size: 90KB
- MD5: 189b59d65940724d3febd8763d929c27
- SHA1: e2981f344bb3f8ce214a609932bbc1525ffe6609
- SHA256: ccaefd526c1b30f67694ea01efb7bd5c794859ae01c68001a3d92e3d1dced67f
- SHA512: a46fe00332a847ead550c7d7a35980a6ccf1432a5d00035941dd2407a9b00660fc36ee149166fd7d69ef873321935f8c9b3be144bd0926921cefc535b4b1616e
- suricata: ET MALWARE DTLoader Binary Request M2
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Suspicious use of SetThreadContext