General
Target: PRICE_REQUEST_QUOTATION.exe
Size: 260KB
Sample: 210928-gm2nmaagbl
MD5: 85589170af713a03ca622f94429c634a
SHA1: 4e0b9dfd13dd6e4b85bca4352be0cec2be9024d7
SHA256: dae6ba220bb0a34de731b57965753391343bfe96f9f3fa4fea48102d3377ccf7
SHA512: 1379d1dbed880c664d7314018e676970afd192a423e6144f3bac6b15e5f89fb4bc245adbe462046ccfb6692e0054be18b459bc2757e60d700c03758232682dd9
Static task: static1
Behavioral task: behavioral1
Sample: PRICE_REQUEST_QUOTATION.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: rgoe
C2: http://www.nudesalon.digital/rgoe/
Decoy domains:
iamstevekelsey.com
homesofchaparralcountryclub.com
voiceyupcom.com
searchengineeye.com
charsantosart.com
baila.madrid
yota.store
halloweenbaldhills.net
futurodr.com
centercodebase.com
666b20.xyz
4-6-2.com
gspotworld.com
rbb78.com
1kingbet.com
hzhongon.com
dossierinc.com
sustainablefoodfactory.com
golfsol.art
socialenterprisestudio.com
sec-app.pro
mrcsclass.com
apseymarine.com
restate.club
thenewtocsin.com
mingwotech.com
llesman.com
limiteditionft.com
ff4c3dgsp.xyz
travuleaf.com
whatsaauction.com
iktbn-c01.com
dpcqkw.xyz
mahoyaku-exhibition.com
bimcell-tlyuklemezamani.com
thejegroupllc.com
limponomefacil.com
bordandoartes.com
parsvivid.com
lowkeymastery.com
missionsafegame.com
estanciasanpablo.online
overlandshare.com
thevillageplumbers.com
newhollandpurpose.com
eastmillnorthandover.com
patrickandmaxine.com
appleluis.host
immerseinagro.com
vapkey.net
babeshotnud.com
rap8b55d.com
afro-occidentstyle.com
shahjahantravel.com
toptaxxi.store
adronesview.com
kinesio-leman.com
teelandcompany.com
bycracky.com
sehatbersama.store
snackithalal.com
nailsestetic.space
vanmetrecco.com
pondokbali.store
Targets
Target: PRICE_REQUEST_QUOTATION.exe (260KB; hashes as listed under General)
Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext