General
Target: Additional DHL shipment Delivery Parcel.ace
Size: 364KB
Sample: 210228-r85k3y25nx
MD5: 6d93819a996be958f914c0a948c93036
SHA1: abc423b47e60daacfd8345c2b16632c4170b3231
SHA256: 93f14543437ad1857e137e828f39022daa65cad654a95be9569d53eb0d89af3c
SHA512: 1dd236dfef1158645f336415fd3ec3d5619bdc81b4b9a176f838c62b0380de96178b4bde1395726b0dc0accda22582a0f0b42a86475c337f1994700d672333f7
Static task: static1
Behavioral task: behavioral1
Sample: Additional DHL shipment Delivery Parcel.exe
Resource: win7v20201028
Malware Config
Extracted: formbook
http://www.webperb.com/nehc/
havenmaple.com
katrinasmarket.com
ccharlet.com
everestmedicalgroupusa.net
powervoc.com
crypto300cluv.com
davidrichterlaw.com
parkcitysongfest.com
videogeniusawards.com
beleave.club
gooddeedprocessing.com
synthsup.com
eceiptsworld.com
infinityanalytics.co.uk
damghair.com
sabaidate.com
guitarsir.com
thebowlingspot.com
denturelabmiami.com
mo-cooking.com
eronbon.com
appleunveils.com
gelisim-elektronik.com
cardinalvaletlax.com
ehot-tech.com
boefem.com
milliemaiden.com
phoenixpure.net
versalita.net
avon.sucks
larutasustentable.com
townleolawi.com
hyejeongfood.com
strategrowth.com
twofiveninetwo.com
bymirzaoglu.com
centrodesaludcrecer.com
pensacolahandymanservices.com
march.wtf
layer.icu
sweetpeamagnoliaco.com
palaceelysee.website
silkayra.com
integratednourishment.com
eitalasqueira.com
edfenr-invest.com
rezervacnisystem.online
viassoft.com
sfmfm.com
sangharshbharatnews.com
underdessous.com
luisxe.info
eliveyeyn.com
lavesteenjean.com
h2oworks.net
imtheonlyperson.technology
premoo.com
weareprof.com
newcotechnology.com
monnaisjouetsherbrooke.com
juegoroblox.com
ryacorcosquin.com
livetechstop.com
hnuman.com
Targets
Target: Additional DHL shipment Delivery Parcel.exe
Size: 510KB
MD5: b2fd9aab2f1597f74abda918ddc52f89
SHA1: acdf16e4c3a8e0428f7cf1934fdcfe0731b2fc28
SHA256: b5ac8902c4d239f5f72366876e99a586d3aaafe45c9a9e098c8ded9a2db7615c
SHA512: 3297c94b09f6845905f621020821c0ae05a95a0c4e96436f57460aeae5786e7be3acf1d159a0b2282636e2d765715d8d4242be80cfa549fa5d301d05baa175ff
Formbook Payload
Suspicious use of SetThreadContext