General
-
Target
Inquiry-URGENT.exe
-
Size
433KB
-
Sample
210927-thdgfshde6
-
MD5
001127ea6a36d3b93e8c54ff1b8f22b8
-
SHA1
acd9171ec5641efc54a16c5c18184dd6e25138c8
-
SHA256
2728dc98fdebc00823b877eba49ace782c17db8a07074634aafca9dc00277776
-
SHA512
7a5687835380616daa433ce196fdb7badfcf74f0e1e4cb97c4064ac0eea1b633b0ed536ea409519d09a5f5c341861b1930242a3f8c706eb58f52defab8e2110f
Static task
static1
Behavioral task
behavioral1
Sample
Inquiry-URGENT.exe
Resource
win7-en-20210920
Malware Config
Extracted
xloader
2.5
b5ce
http://www.rheilea.com/b5ce/
advellerd.xyz
giasuvina.com
arab-xt-pro.com
ahsltu2ua4.com
trasportesemmanuel.com
kissimmeesoccercup.com
studyengland.com
m2volleyballclub.com
shyuehuan.com
elsml.com
blog-x-history.top
coditeu.com
allattachments.net
vigautruc.com
mentication.com
zambiaedu.xyz
filadelfiacenter.com
avlaborsourceinc.info
tameka-stewart.com
studio-cleo.com
cruisebookingsonlineukweb.com
bajajfinservmutualfund.com
bipxtech.cloud
glottogon.com
villamante.com
lvfrm.xyz
bhadanamedia.digital
austindemolitioncontractor.com
nutritionhawks.com
vcmalihx.top
busybstickerco.com
lianshangtron.com
tenncreative.com
charmfulland.com
zuridesire.com
vliegenmetplezier.com
khlopok.club
tovardarom.xyz
atmospheraglobal.com
lakeefctmich.com
novasaude-g1.online
joymort.com
allexceptionalcapital.com
balicoffeeuniversal.com
netjyjin26.net
arpdomestic.com
ozglobetips.online
zeogg.club
josiemaran-supernatural.com
sieuthinhapkhau.store
healthonline.store
coiincrypt.com
fofija.com
yshowmedia.com
enhancedcr.com
tous-des-cons.club
holeinthewallbus.com
okssl.net
gutenstocks.com
thelindleyfamily.com
apexpropertiesltd.com
powerhousetepusa.com
urbanopportunities.com
comarch.tech
Targets
-
-
Target
Inquiry-URGENT.exe
-
Size
433KB
-
MD5
001127ea6a36d3b93e8c54ff1b8f22b8
-
SHA1
acd9171ec5641efc54a16c5c18184dd6e25138c8
-
SHA256
2728dc98fdebc00823b877eba49ace782c17db8a07074634aafca9dc00277776
-
SHA512
7a5687835380616daa433ce196fdb7badfcf74f0e1e4cb97c4064ac0eea1b633b0ed536ea409519d09a5f5c341861b1930242a3f8c706eb58f52defab8e2110f
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-