General
- Target: DHL_119040 documento de recibo de la compra,pdf.exe
- Size: 147KB
- Sample: 211022-yrjgaadabj
- MD5: 34675091ac031b8c43327239a1929dd0
- SHA1: 38984bb6cc0e96425cdfd3fb67592a9e4670b6ca
- SHA256: cbf031a1dbedd7a1e8f5b158cd6f9af3995fb4e815caee4723fc3ab03b900b19
- SHA512: f96def8a574e0142391f13f7c4f783a31df633b306d3514247b055c86ffa6814b9492f4baf1c2ecc97cdb25927693a9d7b3f07b8b82ea06b62ac10a1c8a9936a
Static task: static1
Behavioral task: behavioral1
- Sample: DHL_119040 documento de recibo de la compra,pdf.exe
- Resource: win7-en-20210920
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- Campaign ID: b65i
- C2 URL: http://www.onewebuy.net/b65i/
Targets
- Target: DHL_119040 documento de recibo de la compra,pdf.exe
- Size: 147KB
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Suspicious use of SetThreadContext