General

Target: RFQ356284678,pdf.iso
Size: 462KB
Sample ID: 210915-c3bpxsgfa5
MD5: a94d252b201174b9532e36f8893ba56b
SHA1: 28a1e551cd212448828b272e3ec9d3ea9618cd20
SHA256: fd0d5cfec2a1908e2e3d7466984399bb8a40d91f3dde90ab77e90fb29c52e466
SHA512: b5d734d675e03eb049f8fbdbd2c4e42ba3f5f4431c0c5252783e35bfc19f5fdd528f0c23c3944fad931c5984621d2f01174435749d075dc9a2cf0168b8a6fee0
Static task: static1

Behavioral task: behavioral1
  Sample: RFQ356284678,pdf.exe
  Resource: win7v20210408

Behavioral task: behavioral2
  Sample: RFQ356284678,pdf.exe
  Resource: win10-en
Malware Config

Extracted
  Family: xloader
  Version: 2.3
  Campaign ID: gv6d
  URL: http://www.breakaway.uk/gv6d/
  Domains in the extracted configuration:
    bigfatgay.com
    czrsgd168.com
    bnkinvestments.com
    uhchearingfl.com
    hooktowingco.com
    bold2x.com
    dirtyhandsdigital.com
    princetonreviewes.com
    typhoonmusicgroup.com
    onlinemathcoach.net
    safecareethiopia.net
    alvarogdeo.com
    access-sca-login.pro
    handbagswholesalemaster.com
    whoaservices.com
    telemunndopr.com
    dream2works.com
    itemconfirmation.com
    kentebags.com
    chennaipremium.com
    galoresgemsandjewellery.com
    waithere123.com
    rastrillodefrank.com
    itssopersonal.com
    foundacious.com
    dev-forum.com
    forthepig.com
    elipbiy01.com
    bowserinc.com
    lightbarworld.com
    argent-flair.today
    ruggedbychoice.com
    temptationsweet.com
    skylineglobalbank.online
    zermattsearch.com
    djayfa.com
    playmomsknowbest.com
    pushoverdeclarev.club
    urbansmile.net
    snailsstory.com
    cooperate-win.com
    lightdelux.com
    cafevoila.net
    jiemanwu.com
    nicborain.com
    servicebayview.com
    jiangkunsw.com
    dailyplanetportal.info
    zoroergonomics.com
    maxwrage.com
    yetlag.com
    comercializadoraprogant.net
    homapilot.com
    beijinghun2.icu
    easymailsend3088.xyz
    chipotale.com
    sexyonadime.com
    cocosuperstore.com
    suzysgifts.com
    ultrajerseys.com
    randomexperience.net
    gocenterhome.com
    zaredali.site
    oyunvega.com
Targets

Target: RFQ356284678,pdf.exe
Size: 401KB
MD5: 30b799e145ec03674de8d27ae3e5c0ba
SHA1: 339a5df9d70b31d0b59a5e97d672f12ccb67e45e
SHA256: 5df88b107258b6f9b91512ca18b098fec01005b71eed470932f006103d5bb346
SHA512: d37d9be8f9bc3c17afead37c22b91a96fe2cb4314d09424270e75b2f36d7be4a9d560540909508170f8c0e3e2d1ba0635595045a6299ea5e6f8be215007b841e

Signatures:
  Xloader Payload
  Executes dropped EXE
  Deletes itself
  Adds Run key to start application
  Suspicious use of SetThreadContext