General
-
Target
QUOTATION.exe
-
Size
1.1MB
-
Sample
211001-kz15eabdbr
-
MD5
4ce1ff3c9b5b16f57513e1c54ee4e96d
-
SHA1
d024009dbb744ae61815eeb9e0519948b063e059
-
SHA256
bdf00456287e3b458420249732255abf583ab0d6b5eb263f45d6ff329abdde93
-
SHA512
f03fa30e8081cbd11d13475641e4bfad6bd0147c670b764346f8c3255fae9992e8d8c82cabc4ce57a58732de1d4ef8a6220a2b71bb6f1ba9d82fb042c23ae619
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATION.exe
Resource
win7-en-20210920
Malware Config
Extracted
xloader
2.5
c2ue
http://www.heidevelop.xyz/c2ue/
isportdata.com
stellarex.energy
hsucollections.com
menuhaisan.com
joe-tzu.com
lumichargemktg.com
uae.tires
rapidcae.com
softwaresystemsolutions.com
s-galaxy.website
daewon-talks.net
northgamesnetwork.com
catalogue-bouyguestele.com
criativanet.com
theseasonalshift.com
actionfoto.online
openmaildoe.com
trashpenguin.com
ennopure.net
azurermine.com
wingkingtong.com
innovativepropsolutions.com
transportesajusco.online
rosenblasts.info
ttsports.store
servpix.com
liveatthebiltmore.com
magentautil.com
aquolly.com
collabsales.com
bredaslo.com
suddisaddu.com
www920011a.com
uudh.info
bleuexpress.com
xivuko.com
upstatehvacpros.com
acami.art
thqahql.com
mauzabe.com
mydrones.net
franciseshun.com
nrrpri.com
adndpanel.xyz
straightcorndinner.xyz
locngrip.com
wgylab.xyz
greenmamba100.com
dmglobalconsult.net
alissanoume.xyz
thecallresources.com
spacesuperslot.com
goodiste.com
mensaheating.xyz
blackbait6.com
keepkalmm.com
kodyhughesracing.com
semantikgis.com
saffoldstrucking.com
ingb.online
popcert.com
tpsynergylab.com
acnefreerx.com
why1314.xyz
Targets
-
-
Target
QUOTATION.exe
-
Size
1.1MB
-
MD5
4ce1ff3c9b5b16f57513e1c54ee4e96d
-
SHA1
d024009dbb744ae61815eeb9e0519948b063e059
-
SHA256
bdf00456287e3b458420249732255abf583ab0d6b5eb263f45d6ff329abdde93
-
SHA512
f03fa30e8081cbd11d13475641e4bfad6bd0147c670b764346f8c3255fae9992e8d8c82cabc4ce57a58732de1d4ef8a6220a2b71bb6f1ba9d82fb042c23ae619
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-