General
-
Target
Inquiry Order 26-09-2021.exe
-
Size
818KB
-
Sample
210927-la19jsgcan
-
MD5
0bbbecc3323e753a087a19b3cc4edabd
-
SHA1
b96d8e6c3278698624e228f09de44815b1d90905
-
SHA256
c4c9d27ea805c32e7f0e66dc0d9534d8fbd87f4c1327727b2e1e9ae937f02c45
-
SHA512
054e82894d5a1974de958460a30ca7be4fd1395304900a8f5859c9cb5a98a6bf9e8848445f80c5a2b512f1579734111aff2782470111250723aaf7291a9733d5
Static task
static1
Behavioral task
behavioral1
Sample
Inquiry Order 26-09-2021.exe
Resource
win7-en-20210920
Malware Config
Extracted
xloader
2.5
b5ce
http://www.rheilea.com/b5ce/
advellerd.xyz
giasuvina.com
arab-xt-pro.com
ahsltu2ua4.com
trasportesemmanuel.com
kissimmeesoccercup.com
studyengland.com
m2volleyballclub.com
shyuehuan.com
elsml.com
blog-x-history.top
coditeu.com
allattachments.net
vigautruc.com
mentication.com
zambiaedu.xyz
filadelfiacenter.com
avlaborsourceinc.info
tameka-stewart.com
studio-cleo.com
cruisebookingsonlineukweb.com
bajajfinservmutualfund.com
bipxtech.cloud
glottogon.com
villamante.com
lvfrm.xyz
bhadanamedia.digital
austindemolitioncontractor.com
nutritionhawks.com
vcmalihx.top
busybstickerco.com
lianshangtron.com
tenncreative.com
charmfulland.com
zuridesire.com
vliegenmetplezier.com
khlopok.club
tovardarom.xyz
atmospheraglobal.com
lakeefctmich.com
novasaude-g1.online
joymort.com
allexceptionalcapital.com
balicoffeeuniversal.com
netjyjin26.net
arpdomestic.com
ozglobetips.online
zeogg.club
josiemaran-supernatural.com
sieuthinhapkhau.store
healthonline.store
coiincrypt.com
fofija.com
yshowmedia.com
enhancedcr.com
tous-des-cons.club
holeinthewallbus.com
okssl.net
gutenstocks.com
thelindleyfamily.com
apexpropertiesltd.com
powerhousetepusa.com
urbanopportunities.com
comarch.tech
Targets
-
-
Target
Inquiry Order 26-09-2021.exe
-
Size
818KB
-
MD5
0bbbecc3323e753a087a19b3cc4edabd
-
SHA1
b96d8e6c3278698624e228f09de44815b1d90905
-
SHA256
c4c9d27ea805c32e7f0e66dc0d9534d8fbd87f4c1327727b2e1e9ae937f02c45
-
SHA512
054e82894d5a1974de958460a30ca7be4fd1395304900a8f5859c9cb5a98a6bf9e8848445f80c5a2b512f1579734111aff2782470111250723aaf7291a9733d5
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Blocklisted process makes network request
-
Deletes itself
-
Suspicious use of SetThreadContext
-