General
-
Target
QUOTE PRICE.exe
-
Size
558KB
-
Sample
210923-wp8maaehh5
-
MD5
3a35017603b428f692151484ad54ded0
-
SHA1
ac071c363f33e2a28aaffc77e5a34642d8246fe0
-
SHA256
45f5e2a682896ac3380522e26a0398b8112bafc42948666c9fecafa3dcab69e3
-
SHA512
6a2c113565aca37d63de00cdd59354400e901bb731d35e53a42951463662374dec5dfb83d109f059b59733abaf3c0f2057a87c22f69b2d738af37b6f19409d8d
Static task
static1
Behavioral task
behavioral1
Sample
QUOTE PRICE.exe
Resource
win7-en-20210920
Malware Config
Extracted
xloader
2.5
m6rs
http://www.litediv.com/m6rs/
globalsovereignbank.com
ktnrape.xyz
churchybulletin.com
ddyla.com
imatge.cat
iwholesalestore.com
cultivapro.club
ibcfcl.com
refurbisheddildo.com
killerinktnpasumo4.xyz
mdphotoart.com
smi-ity.com
stanprolearningcenter.com
companyintelapp.com
tacticarc.com
soolls.com
gra68.net
cedricettori.digital
mossobuy.com
way2liv.com
j9b.xyz
bmfgi.com
gargantua-traiteur.com
tavolabread.com
neoplus-create.com
tracks-clicks.com
santsp.com
tokusa-f.com
yardparx.online
seinvestments-sg.com
elegantbrushes.net
restaurantemachupicchu.com
ha0313.com
dock7rods.com
emphatictrifles.com
onefunline.top
caulsshop.com
kittyol.com
thehealthyheifer.net
plotmyplot.com
leewaysvcs.com
eur86.com
lightsinwall.com
jiankangkyw.com
travilent.com
dvaccounts.com
wittyon.com
tommywoodenski.com
dividendoylibertad.com
aqscksw.com
familiapena2475.com
australianmeatandwine.com
leading.delivery
giftcards2you.com
bethlehemsmith.com
osterparrots.com
getignore.com
joyandsatisfy.club
sanibelislandhomesearch.com
smedivision.com
kitcycle.com
hills-renta.com
brownbeargraphics.com
46sheridan.com
Targets
-
-
Target
QUOTE PRICE.exe
-
Size
558KB
-
MD5
3a35017603b428f692151484ad54ded0
-
SHA1
ac071c363f33e2a28aaffc77e5a34642d8246fe0
-
SHA256
45f5e2a682896ac3380522e26a0398b8112bafc42948666c9fecafa3dcab69e3
-
SHA512
6a2c113565aca37d63de00cdd59354400e901bb731d35e53a42951463662374dec5dfb83d109f059b59733abaf3c0f2057a87c22f69b2d738af37b6f19409d8d
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-