General
Target: DHL invoice KULIR00895239.pdf.exe (double extension: shows as a PDF wherever known file extensions are hidden)
Size: 438KB
Sample: 211021-wzxb1abedr
MD5: f668e4c9cc8a691b159e2033f30f50b5
SHA1: 3ef37ae10df8f196b68f69db29a7f369fa181970
SHA256: 07826de5569163107133c374c0f4fde7f494118f127cce285a2a280d98b2dd3b
SHA512: 92cef7c693652fbd31f878b2f5a759c6bacfc07e479a64cf0ce8ddb9cf35468c4a0630eac572185b90b1fc7e7076e3b6f6859d1ad39c7da7d1fdffb8cf67d90d
Static task: static1
Behavioral task: behavioral1
Sample: DHL invoice KULIR00895239.pdf.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign ID: m6t2
C2: http://www.vmhenterprise.com/m6t2/
Decoy domains (XLoader/FormBook configs pad the live C2 with a list of decoys and beacon to all of them with the same /m6t2/ path):
somethinghaatke.net
bluehubwriters.com
ptfitnet.com
coastelevatorinteriors.com
hellensilvamkd.com
feekyfeeky.com
studioemiko.com
high-clicks2.com
troyleedesigns.club
peopletrucksinsurance.com
lameducation.com
pundiajaib.com
photosonunderwear.com
hautegirlmarket.com
groopadamce.quest
ignitivehq.com
partyprintable.digital
unlimitedrehab.com
awaytraveltnpasumo6.xyz
hourly.limo
meituandh.xyz
gpwconstrutoraincorporadora.com
azshalomcenter.com
tripeater.com
howzat.academy
certifiedprotradebot.icu
aigreen-ls.com
kwuthh.com
septum.xyz
lifeguardingcoursenearme.com
cupsnax.com
037atk.xyz
movingtolincolnca.com
cherrywoodranchvacationhome.com
tryandmiss.com
socialviralup.com
huiying666.xyz
contact6.email
bindraussen.info
feltamazeballs.com
vulkan-mirror.space
financialwebservices.com
crownexpresssglobal.com
koffishop.com
theawesomesavings.com
respiratoryathome.net
takut9.com
pittboss-bbq.one
brailion.com
ophthalmologyignite.com
flg1819.com
1258200.com
soflovrlnd.com
phillermusic.com
kingstonwff.com
realsteelsoftwarecampaign.com
litunity.com
antiquitynaturalstone.biz
gemmagem.com
luxehairbyjen.com
zakwolff.com
ooiase.com
andrewsenphotography.com
paulapossetto.com
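The config above is ready to be turned into a hunt: the campaign path /m6t2/ is the same on the confirmed C2 and on every decoy domain, so matching host-in-list plus path catches the check-in traffic the Suricata rule fires on. The script below is an added example, not part of the sandbox report: it carries the hashes and a subset of the domains from the report (paste in the full list for real use), hashes a file against the listed digests, and scans constructed proxy-log lines for check-in GETs. The log format, IP addresses and timestamps are assumed for illustration.

```python
"""Hunt for the XLoader 2.5 / m6t2 indicators listed in the report above.

Added example, not code from the sandbox or the report. IOC values are
copied from the report; the proxy log lines are constructed.
"""
import hashlib
import re
from urllib.parse import urlsplit

# File digests as listed in the report's General section.
SAMPLE_HASHES = {
    "md5": "f668e4c9cc8a691b159e2033f30f50b5",
    "sha1": "3ef37ae10df8f196b68f69db29a7f369fa181970",
    "sha256": "07826de5569163107133c374c0f4fde7f494118f127cce285a2a280d98b2dd3b",
}

CAMPAIGN = "m6t2"
C2_URL = "http://www.vmhenterprise.com/m6t2/"

# The C2 host plus a subset of the decoy domains from the extracted config.
# For a real hunt, paste in the complete list from the report.
DOMAINS = {
    "www.vmhenterprise.com",
    "somethinghaatke.net",
    "bluehubwriters.com",
    "ptfitnet.com",
    "coastelevatorinteriors.com",
    "hellensilvamkd.com",
}


def _strip_www(host: str) -> str:
    """Normalise a hostname so 'www.x.com' and 'x.com' compare equal."""
    return host[4:] if host.startswith("www.") else host


DOMAIN_SET = {_strip_www(d.lower()) for d in DOMAINS}


def file_matches_sample(data: bytes) -> dict:
    """Hash file bytes and report which of the listed digests match."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest
        for algo, digest in SAMPLE_HASHES.items()
    }


def is_checkin_url(url: str) -> bool:
    """True if url hits any listed domain with the campaign path '/m6t2/'.

    XLoader/FormBook uses the same '/<campaign>/' path on every domain in its
    config, so the path is checked against the whole set, not just the C2.
    """
    parts = urlsplit(url)
    host = _strip_www((parts.hostname or "").lower())
    return host in DOMAIN_SET and parts.path.startswith(f"/{CAMPAIGN}/")


# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
# Hosts, client IPs and timestamps are illustrative, not from the report.
PROXY_LOG = """\
2021-10-21T14:02:11Z 10.0.0.23 GET http://www.vmhenterprise.com/m6t2/?q=1 200
2021-10-21T14:02:12Z 10.0.0.23 GET http://somethinghaatke.net/m6t2/ 404
2021-10-21T14:02:13Z 10.0.0.23 GET http://bluehubwriters.com/about/ 200
2021-10-21T14:02:14Z 10.0.0.41 GET http://example.com/m6t2/ 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_proxy_log(text: str) -> list:
    """Return (timestamp, client, url) for every line that looks like a check-in.

    The HTTP status is deliberately ignored: a 404 from a decoy domain is still
    a beacon from an infected host, and that host is what you want to find.
    """
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real hunt would log and move on
        ts, client, method, url, _status = m.groups()
        if method == "GET" and is_checkin_url(url):
            hits.append((ts, client, url))
    return hits


if __name__ == "__main__":
    for ts, client, url in scan_proxy_log(PROXY_LOG):
        print(f"{ts} {client} -> {url}")
    print(file_matches_sample(b"not the sample"))
```

Only the first two log lines are hits: the third reaches a listed domain but not the campaign path, and the fourth uses the campaign path on a domain outside the config. Pivot on the client address of a hit rather than on the domain, since the decoys rotate and the live C2 can change between builds.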
Targets
Target: DHL invoice KULIR00895239.pdf.exe (438KB; same file as under General, hashes listed there)
Suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself (the dropper removes its own file after execution)
Suspicious use of SetThreadContext (thread context rewriting, as used for process hollowing and thread hijacking)