General
Target: DHL Shipment Notification 5833863965.rar
Size: 215KB
Sample: 210806-1j1pxbfs9j
MD5: 0070ab2175d6b10fa9646bf4dae58c3b
SHA1: 03126a82c9f316024abe253c5ebccc738e8a324c
SHA256: 5b24d3c0994a388e362e7eac990c326b89741bd06566f2e73abf3fe6172cc8c8
SHA512: 339139e8792ae0277a0f43924b798b3a137e3e0bd9b9029c465098a359b969248de916326591fcc3a43424e0ebd4f3afe9c51a6c4970b47a0bd45fd296410b01
Static task: static1
Behavioral task: behavioral1
Sample: lemoh.exe
Resource: win7v20210410
Malware Config
Extracted
Family: xloader
Version: 2.3
Campaign: p596
C2: http://www.lapashawhite.com/p596/
Domains from the config (64). XLoader keeps FormBook's design of embedding many decoy domains next to the real C2 and contacting them under the same campaign path, so every entry below is a usable network indicator for this sample, not only the C2 above:
ushistorical.com
lovepropertylondon.com
acupress-the-point.com
3772548.com
ambientabuse.com
primaveracm.com
themidwestmomblog.com
havasavunma.com
rockyroadbrand.com
zzphys.com
masque-inclusif.com
myeonyeokplus.com
linkernet.pro
zezirma.com
mysiniar.com
andreamall.com
mattesonauto.com
wandopowerinc.com
casaurgence.com
salishseaquilts.com
yourchanceisnow.com
tumulusresearch.com
blendandspend.com
pevention.com
cloudrevolutionawards.com
beadedbodied.com
marylandpaymentrelief.net
5935699.com
silverleafcompanies.com
slxxxhub.com
combatstriking.com
sex-shop.life
cuncunkan.com
italiamo-magagine.com
sfvoterguide.com
2012boulevard.com
mslookbook.com
897tj1.net
cgslnc.net
kashyaptalkz.com
researchcse.com
lunzhu168.com
mlfkt.com
customcardstudio.com
kirklandramblerforsale.com
magetu.info
wptheme247.com
purposedenver.com
journaldelaphotographie.com
yieldwadi.site
mobilefriendlysites.com
ocularjournal.com
consigli.energy
infintylights.com
itcohempproject.com
montcairo.net
allegrohascockroaches.com
flexbandofficial.com
greatindiapropertyshow.com
kabin-fever.com
designsoc.com
javlao.com
controltower.services
masihsarap.com
Targets
Target: lemoh.exe
Size: 231KB
MD5: 5f26cd5aed834a68b5557e269283d6f0
SHA1: 5d9eba311343c68a77c9c2a50d65199d7cd7f8a8
SHA256: 2f313740b13df5c33ef5d7ef6631674ef37428a4a776bbb312fd324b05b5dadd
SHA512: b0c15610d8907c424037f86a0a78d58ed6f5592c95b737666e8d543bc8ed6d45dacddd2dd60d7dce3020b3fa376aa25400312bf0aa0cf5668c37abd8511c8827
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET) (reported twice; the ET rule still carries the FormBook name because XLoader is the renamed continuation of FormBook and keeps its HTTP check-in format)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext (this API rewrites another thread's register state and is the usual final step of process hollowing or thread-hijacking injection)
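The extracted config (campaign path plus C2 and decoy domains) and the Suricata hits above are the two things a responder actually pivots on. The script below is an added example, not part of the sandbox report: it copies the C2 URL, version and campaign ID from the config block, reproduces a handful of the listed domains (the report has 64; the rest follow the same pattern), and shows how to turn them into a host-plus-path matcher run over constructed proxy log lines, and into a narrow Suricata 5 rule scoped to this campaign rather than the generic ET FormBook signature. The log format, the log lines and the rule SID are assumptions made for the example.

```python
"""
Added example (not from the sandbox report): turn the XLoader 2.3 config
extracted from lemoh.exe into an IOC set, match it against proxy logs and
emit a campaign-specific Suricata rule.
"""
import re
from urllib.parse import urlparse

# Copied from the report's "Malware Config / Extracted" block.
XLOADER_VERSION = "2.3"
CAMPAIGN_ID = "p596"
C2_URL = "http://www.lapashawhite.com/p596/"
# The report lists 64 further domains; a few are reproduced here. XLoader keeps
# FormBook's habit of beaconing to decoy domains alongside the real C2, all under
# the same campaign path, so every one of them is worth matching on.
CONFIG_DOMAINS = [
    "ushistorical.com",
    "lovepropertylondon.com",
    "acupress-the-point.com",
    "3772548.com",
    "ambientabuse.com",
    "primaveracm.com",
    "themidwestmomblog.com",
    "havasavunma.com",
]


def campaign_path(c2_url: str) -> str:
    """Return the campaign path ('/p596/') from the configured C2 URL."""
    path = urlparse(c2_url).path
    return path if path.endswith("/") else path + "/"


def normalize_host(host: str) -> str:
    """Lower-case, drop any port and a leading 'www.' so log hosts match the config."""
    host = host.lower().split(":")[0]
    return host[4:] if host.startswith("www.") else host


def ioc_hosts() -> frozenset:
    """All hosts from the config, C2 and decoys alike, normalized."""
    hosts = {normalize_host(urlparse(C2_URL).hostname)}
    hosts.update(normalize_host(d) for d in CONFIG_DOMAINS)
    return frozenset(hosts)


# Constructed proxy log lines (assumed format, not from the report):
# "<timestamp> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2021-08-06T10:01:02Z 10.0.0.12 GET http://www.lapashawhite.com/p596/?lq=ZGVtbw== 200
2021-08-06T10:01:03Z 10.0.0.12 POST http://www.ushistorical.com/p596/ 404
2021-08-06T10:01:04Z 10.0.0.12 GET http://www.lapashawhite.com/about/ 200
2021-08-06T10:01:05Z 10.0.0.19 GET http://example.com/p596/ 200
2021-08-06T10:01:06Z 10.0.0.12 GET http://HAVASAVUNMA.COM:80/p596/?x=1 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def match_log(log_text: str) -> list:
    """Return (client, host, url) for each request to a config host under the campaign path.

    Both conditions are required: '/p596/' on an unrelated host, or a config host
    fetched on another path, is not reported. That keeps decoy domains' legitimate
    content from producing alerts while still catching beacons to any of them.
    """
    hosts = ioc_hosts()
    path = campaign_path(C2_URL)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        _ts, client, _method, url, _status = m.groups()
        parsed = urlparse(url)
        if parsed.hostname is None:
            continue
        host = normalize_host(parsed.hostname)
        if host in hosts and parsed.path.startswith(path):
            hits.append((client, host, url))
    return hits


def suricata_rule(sid: int) -> str:
    """Emit a Suricata 5 rule keyed on the campaign path and the primary C2 host.

    Narrower than the generic ET 'FormBook CnC Checkin' rule that fired in the
    report: it names this campaign's path and host. The SID is an assumption.
    """
    host = normalize_host(urlparse(C2_URL).hostname)
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any ("
        f'msg:"XLoader {XLOADER_VERSION} campaign {CAMPAIGN_ID} check-in"; '
        "flow:established,to_server; "
        f'http.uri; content:"{campaign_path(C2_URL)}"; startswith; '
        f'http.host; content:"{host}"; endswith; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    for client, host, url in match_log(SAMPLE_LOG):
        print(f"{client} -> {host}  {url}")
    print(suricata_rule(1000001))
```

Running it flags the three beacons from 10.0.0.12 (the C2 host and two decoys) and ignores both the campaign path on an unrelated host and the C2 host fetched on a different path. Extend CONFIG_DOMAINS with the full list from the report before using the matcher on real logs.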