General

Target: DHL_119040 Belegdokument,pdf.exe
The filename is a DHL-themed lure (German "Belegdokument" = "receipt document"). The ",pdf" is part of the name, not an extension; the real extension is .exe, which Windows hides by default when "Hide extensions for known file types" is enabled.
Size: 58KB
Sample: 211023-f7pzwsdagn
MD5: d64f5d6117d03dfb20cfa1555d0f4bd8
SHA1: 1eed6ad06babb331a39b711a8f8c69902a2f4600
SHA256: ca08a2e70dac67086919a22c1b4bdf3f0f2578cb446ca74c8e599f71d0849e55
SHA512: 6de1a2c97823dc026b0008fd6bb648d617ae92ef062483f81960717cc4c82efaadc214824d16ad18180c5eae6150a51cfaade227efc6d584c640c1c6c8588210
Static task: static1
Behavioral task: behavioral1
Sample: DHL_119040 Belegdokument,pdf.exe
Resource (sandbox image): win7-en-20211014
Malware Config

Extracted family: xloader
Version: 2.5
Campaign ID: g8ne
C2: http://www.melindair.xyz/g8ne/
Decoy domains (an XLoader/FormBook config carries one real C2 plus a list of unrelated, frequently legitimate domains that the sample also beacons to so the real C2 does not stand out in traffic; a contact with one of these is corroborating signal, not evidence on its own):
freesiacreations.com
ecopolymer.group
ahb9.com
ramapuramholdings.com
urban-gourmets.com
8xaocu.xyz
lancasteremerald.com
aktau.group
thebeachseekers.com
ki5rod.com
nmsships.com
dppu56.com
hairwegoca.net
aratakablogz.com
staunchgomkdt.xyz
leslaw.us
restaurantperladelmare.com
martensakcio.com
motherssecret.store
deersolutionsfranchising.com
gulfgroupeg.com
slapcheating.com
gracemakesmaps.com
manganyuk.com
allkhalf.store
spdh08.xyz
africanspots.com
francesmaydesign.com
marnannyc.com
auxiliaradministrativo.club
caesarscaisno.com
high-clicks2.com
dxtradeoption.com
traly.xyz
gestaltadvisors.net
mgav64.xyz
abogadosafortiori.com
dum-directory.xyz
southasianrepublicanclub.com
alendmaj.com
lifebeyondframe.com
therisnospoon.xyz
ahbeck.net
noordinarylogistics.com
hscbbank.com
trespasos.biz
sns-regionv.com
macdonalds-delivery.xyz
currybunny.com
dailytoyotatuson.com
cottonhome.online
escueladelbuenamor.com
66jt66.com
iivorfloral.com
estide.com
ababstone.xyz
trianyxmail.com
igorshestakov.com
pfgbltd.com
exceed-davinci.com
kloeyscloset.com
zp0ey8.xyz
q8pinoy.com
xn--fjqs5e79kw6e.com
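Added example, not part of the sandbox report: a Python triage helper built from the extracted config above. The C2 URL and campaign ID are the report's values; only the first six decoy domains are included for brevity, and the proxy log lines and their format are constructed. It encodes the caveat that matters when hunting on this config: a single request to a decoy domain is not evidence of infection (the decoys are unrelated sites), whereas a request to the real C2 campaign path, or a burst of distinct decoy contacts from one client, is.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Values copied from the extracted xloader 2.5 config in the report above.
C2_URL = "http://www.melindair.xyz/g8ne/"
CAMPAIGN_ID = "g8ne"
# Only the first six decoy domains from the report are listed here; load the
# full list from the report when using this for real.
DECOY_DOMAINS = (
    "freesiacreations.com", "ecopolymer.group", "ahb9.com",
    "ramapuramholdings.com", "urban-gourmets.com", "8xaocu.xyz",
)


def base_domain(host):
    """Lower-case a hostname and drop a leading 'www.' (the sample beacons to
    'www.<domain>' while the config stores the domains bare)."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_DOMAIN = base_domain(urlsplit(C2_URL).hostname)  # melindair.xyz
C2_PATH = urlsplit(C2_URL).path                     # /g8ne/


def domain_matches(host, domain):
    h = base_domain(host)
    return h == domain or h.endswith("." + domain)


def classify_request(url):
    """'c2' for the real C2 domain on the campaign path, 'c2-domain' for the
    C2 domain on another path, 'decoy' for a config decoy, else 'unrelated'."""
    parts = urlsplit(url)
    if domain_matches(parts.hostname, C2_DOMAIN):
        return "c2" if parts.path.startswith(C2_PATH) else "c2-domain"
    if any(domain_matches(parts.hostname, d) for d in DECOY_DOMAINS):
        return "decoy"
    return "unrelated"


# Hypothetical proxy log format: "<ISO-8601 timestamp> <client ip> <method> <url>".
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+)")


def parse_proxy_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
    return ts, m.group(2), m.group(3), m.group(4)


def triage_proxy_log(lines, window=timedelta(minutes=5), min_decoys=3):
    """Per client: 'c2' on any request to the real C2 path; 'decoy-burst' when
    at least `min_decoys` distinct decoy domains are contacted within `window`.
    A lone decoy contact yields no flag."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_proxy_line(line)
        if parsed is None:
            continue
        ts, client, _method, url = parsed
        verdict = classify_request(url)
        if verdict != "unrelated":
            events[client].append((ts, verdict, base_domain(urlsplit(url).hostname)))
    findings = {}
    for client, evs in events.items():
        evs.sort()
        flags = set()
        for i, (ts, verdict, _dom) in enumerate(evs):
            if verdict == "c2":
                flags.add("c2")
            elif verdict == "decoy":
                burst = {d for t, v, d in evs[i:] if v == "decoy" and t - ts <= window}
                if len(burst) >= min_decoys:
                    flags.add("decoy-burst")
        findings[client] = flags
    return findings


# Constructed sample log lines (not from the report): 10.0.0.5 shows the
# beaconing pattern, 10.0.0.9 merely browsed to one decoy domain.
SAMPLE_LOG = """\
2021-10-23T12:00:01Z 10.0.0.5 GET http://www.freesiacreations.com/g8ne/
2021-10-23T12:00:02Z 10.0.0.5 GET http://www.ecopolymer.group/g8ne/
2021-10-23T12:00:03Z 10.0.0.5 GET http://www.melindair.xyz/g8ne/
2021-10-23T12:00:04Z 10.0.0.5 GET http://www.ahb9.com/g8ne/
2021-10-23T12:10:00Z 10.0.0.9 GET http://ahb9.com/index.html
2021-10-23T12:11:00Z 10.0.0.9 GET http://example.com/
""".splitlines()

if __name__ == "__main__":
    for client, flags in triage_proxy_log(SAMPLE_LOG).items():
        print(client, sorted(flags) or ["no finding"])
```

Running the block flags 10.0.0.5 with both "c2" and "decoy-burst" and reports no finding for 10.0.0.9, even though that client touched a domain from the config. Tune `window` and `min_decoys` to the beacon cadence seen in the sandbox pcap; the real C2 path is the only indicator here that is reliable on a single hit.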
Targets

Target: DHL_119040 Belegdokument,pdf.exe
suricata: ET MALWARE FormBook CnC Checkin (GET)
(XLoader is the 2020 successor and rebrand of FormBook and shares its HTTP check-in format, which is why the Emerging Threats rule that fires here still carries the FormBook name.)
Xloader Payload (family signature match)
Deletes itself (the sample removes its own executable from disk after running, which hinders later collection of the dropper from the infected host)
Suspicious use of SetThreadContext (rewriting another thread's register context is a common process-injection primitive, e.g. process hollowing: a process is started suspended, its image is replaced, and the entry point is redirected with SetThreadContext before ResumeThread)