General
-
Target
Revised Quotation & COA_jpg.exe
-
Size
551KB
-
Sample
220127-s3sansfagp
-
MD5
fce9b050476d555a64ce0522191d1f4a
-
SHA1
4c34b842888ba0c8f80fdba42055281c18e995f3
-
SHA256
07569721866b0b2b3d83ec0db9d400f9cd623c51ea30706aaef9e032ec64795e
-
SHA512
c6ffe706492a009e214e6b6c256bf41406e217a93c9aa9e898b71ea66428c545bb4420f314d7781e9321e9095d678c6440fe4bb12bd8c629a9819e9effc32247
Static task
static1
Behavioral task
behavioral1
Sample
Revised Quotation & COA_jpg.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Revised Quotation & COA_jpg.exe
Resource
win10-en-20211208
Malware Config
Extracted
xloader
2.5
quc5
Targets
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-