General

Target: QUOTE REQUEST FOB_Medlited Trading Co.r15
Size: 470KB
Sample: 211122-twza3sgabq
MD5: 96b7ce2b7c29e05d8833e99ff9320614
SHA1: a831ebf1dcfe43a0990a46c6dd7dd455ee1cae13
SHA256: 56935322481dae7857012c8ccb8409bf6db53f758767ddd584437896fa6cabb9
SHA512: 6b2ca674acbc4305cd4b1b0bd8beec7a5b86158e6745ab837a9d85904df2a08ca5357b5d85e3a4bd0419ae376772e8f11bb26a284d7d5bb3074269add7863087
Static task: static1
Behavioral task: behavioral1
Sample: QUOTE REQUEST FOB_Medlited Trading Co.exe
Resource: win7-en-20211104
Malware Config

Extracted family: xloader
Version: 2.5
Campaign ID: 46uq
C2 URL: http://www.liberia-infos.net/46uq/
Targets

Target: QUOTE REQUEST FOB_Medlited Trading Co.exe
Size: 611KB
MD5: 8ddcaa0954d47bcb1e6b18de42fbfd6c
SHA1: 8de0ab3b4e57d551f4783b6a1410d429c8b62c38
SHA256: c50fdcefdf51c648404eb54eebcb81012e2c736252e232759c7eef5fac1d5174
SHA512: 31dc38d1d45893c6f00e28d2cf192e1451a5c4e84af701fe76c04b1175a7c528f7f95d1d3ec3edb30448b2465e127c66c64904e07da9a762663e9b29c8c4c80d

suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Suspicious use of SetThreadContext