General
-
Target
QUOTE_PRICE_REQUEST.exe
-
Size
252KB
-
Sample
210929-c4rgrsdebl
-
MD5
48043c9a21d0547478331c1613660595
-
SHA1
9985a65e0aa690308454632223393d8d18a1c744
-
SHA256
75772375acbcfb6cb668fc2449671a6a83afe1434184ac7c01fd895825fcf5e6
-
SHA512
408613c89266eedf165e465e6021880cb4e2db943bec88d068db954ee23f80b55445fd9fd66f42f08924a93fa11f25e343c8f654c7cc2918efa09b00570294db
Static task
static1
Behavioral task
behavioral1
Sample
QUOTE_PRICE_REQUEST.exe
Resource
win7v20210408
Malware Config
Extracted
xloader
2.5
m6rs
http://www.litediv.com/m6rs/
globalsovereignbank.com
ktnrape.xyz
churchybulletin.com
ddyla.com
imatge.cat
iwholesalestore.com
cultivapro.club
ibcfcl.com
refurbisheddildo.com
killerinktnpasumo4.xyz
mdphotoart.com
smi-ity.com
stanprolearningcenter.com
companyintelapp.com
tacticarc.com
soolls.com
gra68.net
cedricettori.digital
mossobuy.com
way2liv.com
j9b.xyz
bmfgi.com
gargantua-traiteur.com
tavolabread.com
neoplus-create.com
tracks-clicks.com
santsp.com
tokusa-f.com
yardparx.online
seinvestments-sg.com
elegantbrushes.net
restaurantemachupicchu.com
ha0313.com
dock7rods.com
emphatictrifles.com
onefunline.top
caulsshop.com
kittyol.com
thehealthyheifer.net
plotmyplot.com
leewaysvcs.com
eur86.com
lightsinwall.com
jiankangkyw.com
travilent.com
dvaccounts.com
wittyon.com
tommywoodenski.com
dividendoylibertad.com
aqscksw.com
familiapena2475.com
australianmeatandwine.com
leading.delivery
giftcards2you.com
bethlehemsmith.com
osterparrots.com
getignore.com
joyandsatisfy.club
sanibelislandhomesearch.com
smedivision.com
kitcycle.com
hills-renta.com
brownbeargraphics.com
46sheridan.com
Targets
-
-
Target
QUOTE_PRICE_REQUEST.exe
-
Size
252KB
-
MD5
48043c9a21d0547478331c1613660595
-
SHA1
9985a65e0aa690308454632223393d8d18a1c744
-
SHA256
75772375acbcfb6cb668fc2449671a6a83afe1434184ac7c01fd895825fcf5e6
-
SHA512
408613c89266eedf165e465e6021880cb4e2db943bec88d068db954ee23f80b55445fd9fd66f42f08924a93fa11f25e343c8f654c7cc2918efa09b00570294db
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-