General
- Target: DHL SHIPPING AND TRACKING DOCUMENT_PDF.exe
- Size: 1.1MB
- Sample: 210112-q4p822qx26
- MD5: eb2002937cb72b457e35ce221ebf299e
- SHA1: be5027e99c4f251652b533e768167ee5a40fc7e2
- SHA256: e4141a1f1d7e56f4196a1cea4d0804d0206d858e452012fd36e5d1c0eac81c3d
- SHA512: 850e03147c2ea65119eff125dd4e6e5dc002721f22e3bcccacb1ad54661235a5244b86c2cc59e25737f81ba221a53411f025235376a22620373f4def8bc4e272
Static task: static1
Behavioral task: behavioral1
- Sample: DHL SHIPPING AND TRACKING DOCUMENT_PDF.exe
- Resource: win7v20201028
Malware Config
Extracted: formbook
http://www.believe.academy/me2z/
rampdauto.com
noriharte.com
harborfreightcreditcard.com
tktspyhwz.icu
cagehosting.com
hgfte.club
fullnessspa.com
link-repair.com
rrjyds.com
edevletdestekcardmerkez.com
sprayingmachines.com
janerowenlester.com
velocityworkflow.com
kcrm.computer
kjbubeng.com
virtualhockeyconference.com
trugrits.com
creativesociallight.com
dnaswabtesting.com
willpool.com
linkcreditcards.com
beauspot.com
bibliotheca.one
probingislam.com
somachaudhuri.com
xn--alkansuartma-94b.com
taharakikaku.com
youkepub.net
310of167-173bundockstreet.com
thrivemoda.com
remotejobsinusa.com
seanwardphoto.com
cryoportsementanks.com
hualhome.com
balletvideoart.com
rydigital.com
uniquestreams.com
inviteonlysyndicate.com
globalmilitaryaircraft.com
makemymarketingwork.com
12388xpj.com
erometa.com
beckslivesheathy.com
veganpoochie.com
serenalynnsstudio.com
martingainza.com
bingent.info
futmilionarioficial.com
reformascreativas.com
aduhelmefficacy.com
ayushenterprises.net
lupilo.com
shinesupportservice.com
on-coverstore.com
alcove.network
isabellelinhnguyen.com
throwingshadeeyewear.com
insomniasos.net
sipdoxxx.xyz
freeyouriphone.com
fenghaijituan.com
lincolnreadymeals.com
jattfatehpur.com
postaposative.com
Targets
- Target: DHL SHIPPING AND TRACKING DOCUMENT_PDF.exe
- Size: 1.1MB
- MD5: eb2002937cb72b457e35ce221ebf299e
- SHA1: be5027e99c4f251652b533e768167ee5a40fc7e2
- SHA256: e4141a1f1d7e56f4196a1cea4d0804d0206d858e452012fd36e5d1c0eac81c3d
- SHA512: 850e03147c2ea65119eff125dd4e6e5dc002721f22e3bcccacb1ad54661235a5244b86c2cc59e25737f81ba221a53411f025235376a22620373f4def8bc4e272
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext