General
-
Target
dhl.exe
-
Size
368KB
-
Sample
211026-p4mj2ahdh2
-
MD5
a3148395965c93d7c7a0180970e35bbe
-
SHA1
6cf6843a62d1ecb45f00aa1354242154aac61e79
-
SHA256
78670e73101801526b59bf2bdead06d95cad399ff72abadfc0e00ba557643c80
-
SHA512
da9342f3ce2ad4ba9af1e8da33886c2199b8e6d432507d2d88116605939be7b450e8ba33a6d020c74e6bf65455c8c6c82978d7ff37fe096600e86ed47f438ddd
Static task
static1
Behavioral task
behavioral1
Sample
dhl.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
u1bs
http://www.vgmpradio.com/u1bs/
ln-safe-keepingmisva4.xyz
rtfh.xyz
awolin.link
metadlf.com
cardboardcasual.com
psicoterapiahablada.com
spaminator.xyz
hnjqzl.top
dentalyinovasi.site
biosynblas.com
zvyk.store
shreevishwakarmaservices.com
showersplash.com
norbert-roth.com
londoncapitaltraders.com
istanbuldonerkebabheroncity.com
realdiscountsnow.com
marlinplumbingwnc.com
magazinadziavane.com
qantv.com
redcardinaldaycare.com
fevxok.com
avp-travaux.com
spielload.com
countrymen.net
loverizzi.online
verbandverse.com
esssc.icu
thealphabrains.com
sleep-lab.pro
fancysquat.com
santasdasd.com
28ssc4.icu
gordonmicah.xyz
readyviewerone.com
242plaza.com
lc-kassel-kurhessen.com
guzram.com
classicitystudios.com
nextvoicetech.com
conectadoseventovirtual.com
chollz.xyz
sdxhbl.com
wilopumps.store
netshopsceilingfans.com
econiq.us
wisconsinfarmstay.com
pharmacie-plaideux.com
kppservices.com
cashprotectionservices.com
365bet356.com
davidandanabelsellshomes.com
bvfymca.net
kakvototakova.com
4bosses700mcc.com
topgamesimple.xyz
neistovo-veliko.online
vespafarmingdale.com
newmexicotitlesearches.com
dunnsdispatching.com
caldirectloans.com
taxitienthanh.com
marabout-serieux-rapide.com
oxygenglobal.net
Targets
-
-
Target
dhl.exe
-
Size
368KB
-
MD5
a3148395965c93d7c7a0180970e35bbe
-
SHA1
6cf6843a62d1ecb45f00aa1354242154aac61e79
-
SHA256
78670e73101801526b59bf2bdead06d95cad399ff72abadfc0e00ba557643c80
-
SHA512
da9342f3ce2ad4ba9af1e8da33886c2199b8e6d432507d2d88116605939be7b450e8ba33a6d020c74e6bf65455c8c6c82978d7ff37fe096600e86ed47f438ddd
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-