General
-
Target
QUOTE_PRICE_REQUEST.rar
-
Size
238KB
-
Sample
210929-dn32asddb3
-
MD5
1115086cce9c56c06e96705e77d03987
-
SHA1
29260bee8113b346134a034c9cfa766b52c02e6d
-
SHA256
a680711b06aea48f7ad417905cd5ea531e15f82d8881409bd72efb470dea06cf
-
SHA512
963b89f733c279872103f5acf4f5f03bb9dfc12a49786455b44fff74b2cbae26a489c9dc615c131f64dc9dfd55d77977542dd350c0a5d65e6496e7a5a9551ef0
Static task
static1
Behavioral task
behavioral1
Sample
QUOTE_PRICE_REQUEST.exe
Resource
win7v20210408
Malware Config
Extracted
xloader
2.5
m6rs
http://www.litediv.com/m6rs/
globalsovereignbank.com
ktnrape.xyz
churchybulletin.com
ddyla.com
imatge.cat
iwholesalestore.com
cultivapro.club
ibcfcl.com
refurbisheddildo.com
killerinktnpasumo4.xyz
mdphotoart.com
smi-ity.com
stanprolearningcenter.com
companyintelapp.com
tacticarc.com
soolls.com
gra68.net
cedricettori.digital
mossobuy.com
way2liv.com
j9b.xyz
bmfgi.com
gargantua-traiteur.com
tavolabread.com
neoplus-create.com
tracks-clicks.com
santsp.com
tokusa-f.com
yardparx.online
seinvestments-sg.com
elegantbrushes.net
restaurantemachupicchu.com
ha0313.com
dock7rods.com
emphatictrifles.com
onefunline.top
caulsshop.com
kittyol.com
thehealthyheifer.net
plotmyplot.com
leewaysvcs.com
eur86.com
lightsinwall.com
jiankangkyw.com
travilent.com
dvaccounts.com
wittyon.com
tommywoodenski.com
dividendoylibertad.com
aqscksw.com
familiapena2475.com
australianmeatandwine.com
leading.delivery
giftcards2you.com
bethlehemsmith.com
osterparrots.com
getignore.com
joyandsatisfy.club
sanibelislandhomesearch.com
smedivision.com
kitcycle.com
hills-renta.com
brownbeargraphics.com
46sheridan.com
Targets
-
-
Target
QUOTE_PRICE_REQUEST.exe
-
Size
252KB
-
MD5
48043c9a21d0547478331c1613660595
-
SHA1
9985a65e0aa690308454632223393d8d18a1c744
-
SHA256
75772375acbcfb6cb668fc2449671a6a83afe1434184ac7c01fd895825fcf5e6
-
SHA512
408613c89266eedf165e465e6021880cb4e2db943bec88d068db954ee23f80b55445fd9fd66f42f08924a93fa11f25e343c8f654c7cc2918efa09b00570294db
-
Xloader Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-