General

Target: attachments.zip
Size: 338KB
Sample: 220128-s38mnafhbn
MD5: 00ab90d2d2226e317be2a514347ced0d
SHA1: da3e5ebd0dacafc79f88d038744531e8d1b48173
SHA256: b195e8f91a3465794595505dd2300b00d76841883eba905d5c09b74654b946f2
SHA512: 2f0c7eb5d626ac3c7be75c9707f2f5ca482ba11f494d1c8bc218886d702a28897d009c44702a785af8bcac36de830624d8361c97fd930f34e9462b5dcca91f8d

The hashes above are for the submitted archive. The executable it contains is hashed separately under Targets.

Static task: static1
Behavioral task: behavioral1
Sample: QUOTATION REVIEW.exe
Resource (analysis VM image): win7-en-20211208
Malware Config

Extracted configuration:

Family: xloader
Version: 2.5
Campaign ID: iifn
Domains (C2 and decoys):

XLoader, like FormBook before it, embeds its real command-and-control domain in a list of decoy domains that it also contacts at runtime; many of the decoys are legitimate sites. Treat the list below as a hunting lead, not as a ready-made block list, and confirm which entry is live from the behavioral network capture before acting on it.
ramaseturs.com
yinhejump.top
realmendrinkwater.store
storyconnect.pro
likehisskin.com
miaoobaby.com
whistleittome.com
icrinc-inc.com
applelost-support.info
tenloe042.xyz
xiaoyaoshike.xyz
frontdukkan.online
disparatadora.xyz
dskensho326.xyz
fsol.pro
rootpresidential.xyz
tejidosvianey.com
diapazon-med.store
suicidestars.com
fadilacatering.com
premiumcontent.online
yehs-studio.com
darfilm.website
mtvirtualassistant.com
seguroiprotecao.com
dermalmedixeu.com
southernmighty.com
nourkoki.com
audacities.xyz
lightfully.solutions
uniquephotoapi.com
jogoreviravolta.com
kindmonth.email
elysabeauty.com
edgewater1105t1.com
skonbatteryhungary.com
xctheagency.com
adapters.biz
ali88.group
sinusreliefnm.com
bendisle.com
horsekare.com
rcoll-dev.com
ryantaber.com
glass-paint.com
steep-turn.com
mitchellcleaningservice.com
giftpro365.com
victoria-samiri.com
rosalvarodriguez.com
iljadabaci.com
strollnroll.online
buzzballzbodegas.com
goodstudycanada.com
cuttingpaprika.com
esport21.com
cantbekilled.net
proteamstaxconsultancy.com
pl-id76379441.xyz
budsplaceofcarmel.com
babanut.com
xzq797979.net
hebbale.academy
dubaifxbrokers.com
goodprice.pro
Targets

Target: QUOTATION REVIEW.exe (the executable extracted from attachments.zip; the hashes below are the executable's, not the archive's)
Size: 382KB
MD5: 6de1fe838e482853719ca575540a92b0
SHA1: 9fa044e5e1189948b65fea2e778fabc2c98929d5
SHA256: 09c176d0c7251e2c64e8cc619bd2b20be37d9b4b1eac19962d2a1b68f7a4535a
SHA512: 8d9549973563356ad07eb2462320f36701f2244f78a4a20451ea9132d6dc30de01ab445d9392e4b0d594e3f379fa9b7c16154726829d8b8c90e2f22de0e7f124

Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext

The Suricata rule is named for FormBook because XLoader is the rebranded successor of FormBook and keeps its HTTP check-in pattern, so the FormBook signature matching an XLoader sample is expected, not a misattribution. "Deletes itself" means the dropped executable removed its own file from disk after running, so disk-only triage of the victim host may find nothing; "Suspicious use of SetThreadContext" is the API call used to redirect a suspended thread into injected code, a standard step of process hollowing and the usual way XLoader migrates out of its initial process.
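Two things a practitioner does with a report like this are turn the extracted configuration into shareable indicators and confirm that a file on hand really is the sample described. The Python below is an added example written for this page, not part of the sandbox report or its tooling. It embeds a constructed excerpt of the page's flattened config (family, version, campaign, then one domain per line, the first four domains only) and the report's own hash values for QUOTATION REVIEW.exe; the function and variable names are this example's own. It parses the config, defangs the domains, checks that each reported digest is well-formed, and recomputes all four digests of a local file for comparison. It runs offline.

```python
"""Turn the XLoader report into IOCs and verify a local copy of the sample."""
import hashlib
import re
from dataclasses import dataclass

# Digests copied from the report's Targets section (values are the page's,
# the dict layout is this example's).
REPORTED_SAMPLE = {
    "name": "QUOTATION REVIEW.exe",
    "md5": "6de1fe838e482853719ca575540a92b0",
    "sha1": "9fa044e5e1189948b65fea2e778fabc2c98929d5",
    "sha256": "09c176d0c7251e2c64e8cc619bd2b20be37d9b4b1eac19962d2a1b68f7a4535a",
    "sha512": "8d9549973563356ad07eb2462320f36701f2244f78a4a20451ea9132d6dc30de"
              "01ab445d9392e4b0d594e3f379fa9b7c16154726829d8b8c90e2f22de0e7f124",
}

# Constructed excerpt of the report's extracted config in the page's flattened
# form: family, version, campaign id, then domains, one per line (first four only).
CONFIG_TEXT = """\
xloader
2.5
iifn
ramaseturs.com
yinhejump.top
realmendrinkwater.store
storyconnect.pro
"""

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$")


@dataclass
class XLoaderConfig:
    family: str
    version: str
    campaign: str
    domains: list


def parse_config(text: str) -> XLoaderConfig:
    """Parse the flattened config; reject anything in the domain list that is not a hostname."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 4:
        raise ValueError("config block too short: need family, version, campaign, domains")
    family, version, campaign, *rest = lines
    domains = []
    for dom in rest:
        dom = dom.lower()
        if not DOMAIN_RE.match(dom):
            raise ValueError(f"not a domain: {dom!r}")
        if dom not in domains:          # keep order, drop duplicates
            domains.append(dom)
    return XLoaderConfig(family, version, campaign, domains)


def defang(domain: str) -> str:
    """Break the last dot so the indicator is not clickable or auto-linked when shared."""
    head, _, tld = domain.rpartition(".")
    return f"{head}[.]{tld}"


def check_hash_record(rec: dict) -> list:
    """Return the digest names whose values are missing, wrong length or not lowercase hex."""
    bad = []
    for algo, n in HEX_LEN.items():
        value = rec.get(algo, "")
        if len(value) != n or not re.fullmatch(r"[0-9a-f]+", value):
            bad.append(algo)
    return bad


def digests(data: bytes) -> dict:
    """Compute the same four digests the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HEX_LEN}


def matches_report(data: bytes, rec: dict) -> bool:
    """True only if every digest of the data equals the report's value."""
    computed = digests(data)
    return all(computed[algo] == rec[algo].lower() for algo in HEX_LEN)


if __name__ == "__main__":
    import sys
    cfg = parse_config(CONFIG_TEXT)
    print(f"{cfg.family} {cfg.version} campaign={cfg.campaign}")
    for dom in cfg.domains:
        print("  ", defang(dom))
    if len(sys.argv) > 1:               # optional: path to a local copy of the sample
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        print("sample matches report:", matches_report(blob, REPORTED_SAMPLE))
```

Run it with no arguments to print the defanged domain list; pass the path of a local file as the first argument to check it against the reported digests. All four digests must match, so a single-algorithm collision or a truncated copy of the file cannot produce a false "match".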