General
Target: METALIMEX-RFQBYSM-207_SC_offer_kaismiddleeast74567377.7z.exe
Size: 309KB
Sample: 211006-q9pf9abbh5
MD5: 0070ab3e990bd8c6eaca780527718ace
SHA1: 8079e31f033b3fe6ecc3bc5647f3d46179536fb5
SHA256: b4dd5b1d79a6d7fb71d62379aec4338a4072a9736e1383d0d1ee185d02e47619
SHA512: 87df1fd9152462d6fb0c0a2310e5e9feacd124053c6487f7ae4834266fb4ec3b765f21a0456ee2038ab4546fed5b80bb488645629f5c54a727ebcdca846eb7b4
Static task: static1
Behavioral task: behavioral1
Sample: METALIMEX-RFQBYSM-207_SC_offer_kaismiddleeast74567377.7z.exe
Resource: win7-en-20210920
Malware Config (Extracted)
Family: xloader
Version: 2.5
Campaign: dhua
C2: http://www.segurosramosroman.com/dhua/
Targets
- Xloader Payload
- Loads dropped DLL
- Suspicious use of SetThreadContext