General
- Target: DHL Shipment Delivery_Pdf.ace
- Size: 422KB
- Sample: 210906-hh6mfsdgcn
- MD5: 21937e507e417f00ba2a6050145d901d
- SHA1: 1d124df2548b846558bdb8fe2b6b905bd1b1d50c
- SHA256: 5584bec329f0c837465e6e786730ad3248ad98e6c3e006b0b808932057aa9bc2
- SHA512: 24cc64ab7f579f495cd653d801e5796e4bdc5e57ae64505cfe1816d607de5039e143c7e9f97d3bab9c85cc50ba0739f613ad4eb30df6b3127a8aa2a9781d2182
Static task: static1
Behavioral task: behavioral1
- Sample: DHL Shipment Delivery_Pdf.exe
- Resource: win7v20210408
Malware Config
Extracted
- Family: xloader
- Version: 2.3
- Campaign: u86g
- C2: http://www.99356a.com/u86g/
- Decoy domains:
agenciaplim.com
fastpage.info
tiantianbd.com
hanedanpirlanta.com
project1accessories.com
rebeccadoumet.com
vrdnfz.com
jeaninesatl.com
isaakwallihconstruction.com
aegis.cloud
tigerandsnow.com
thehappyadventurer.com
ahhazu.com
hiveplushoney.com
k-plan-ning.com
peresvet.one
darkworkcustoms.com
deathbok.com
blackinkswizz.com
077sb.com
divecow.club
usbankaltituderewrds.com
nordaackalifestyle.com
melsamedia.com
spaziocanova.com
effinghamrotaryclub.com
organicbusinessstrategies.com
nevarsmith.com
bloqx.com
fortsdev.com
kingdomunified.com
missdecals.com
campbellsawmills.com
sharpestridesdetailing.com
castewaipoultryfarmllc.com
aregae.com
waterfiltration.systems
zxywxmr.com
davidedigiovanni.com
vfekhndzc.icu
guardamar.digital
ansb2b.com
nettute.com
getfluvidtested.com
ostadshagerd.com
bolsasytapers.com
deficryptocure.com
rahsiatokki1.com
virtual360hosting.info
rosettafeenathaniel.club
azschoolgy.com
cubanfilms.club
skooliehigh.com
kaybelledesignsllc.com
xn--lel-bla.com
2022.solar
myharitige.com
xn--iiqu5kngm42ez76a.com
kettlebellsamurai.com
nylonpicsporn.com
mimik33.com
minuwales.com
chelseashalza.com
friendchess.com
Targets
- Target: DHL Shipment Delivery_Pdf.exe
- Size: 848KB
- MD5: 91476ab6caae4d5ed99c3e5180812144
- SHA1: 6ade7a1487ba2385c96ff47230377e51ef5d4709
- SHA256: 823536a9c4dfcb7ea455b209f3702d792b2db6ad5202f063b2368b82191966b5
- SHA512: cc60af3448e5e25f3baf06e964c0a8fdb1b41056711e69d0e9859ba6acc118b3a66aae8eb8a4e9549ec97f3e5662c7dd4ba9a86a89e9f7c4f13f5bd9377d0cec
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext