General
-
Target
DHL_AWB# 9678547836.exe
-
Size
326KB
-
Sample
220121-rrvqzsaaej
-
MD5
c8df5e6047cd338743e32c7e79067a45
-
SHA1
848cdb2e9b7415ca7689b74ffd076fb92a8637a4
-
SHA256
5111f4fa05b89a9d727c4686485acedc16553a7715fd36776c68972acf8e5382
-
SHA512
c18533cd152b2ea6c395d6224f0dcbc73f3583bb4b8b902cf967c906a5c5df634976741a9f90977fa05e487277d79c4ac7e85f5216921f4c78bde1abd7f36436
Static task
static1
Behavioral task
behavioral1
Sample
DHL_AWB# 9678547836.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
dtt3
edilononlineshop.com
cursosd.com
viellacharteredland.com
increasey0urenergylevels.codes
yjy-hotel.com
claym.xyz
reelsguide.com
gives-cardano.com
ashrafannuar.com
mammalians.com
rocketleaguedads.com
yubierp.com
minimi36.com
chn-chn.com
jagojp888.com
parsian-shetab.com
273351.com
mdtouhid.com
babedads.com
vallinam2.com
buro-tic.com
az-rent.net
shifaebio.xyz
circuitoalberghiero.com
xn--b1afb9b.xn--p1acf
canlioyundasin.online
sachainchirajaomega.com
scandinest.com
pluky.net
tpxcy.com
nbg.global
automountproducts.com
hghbj.com
beachsidecoatings.com
householdertips.com
coworkingspace.online
doujyou.com
tenloe053.xyz
udpbkp.biz
kondanginyuk.online
zipiter.com
christiankrog.com
reliantrecruitinggroup.com
acrylicus.com
cruelgirls.biz
oeinsulation.com
mapnft.xyz
leadersfort.com
foodroutine.com
mayerohio.info
systemofsolutions.com
gideonajibike.com
bigboobz.net
townofis.com
mhkxlgs.com
sussaautocare.com
quicktle.com
boutiquedangel.com
garrisonroadhouse.com
stiff-pols.art
cabalaconsultores.com
theweddinggame.net
themoneymagicians.com
overtonesa.com
janasflannels.com
Targets
-
-
Target
DHL_AWB# 9678547836.exe
-
Size
326KB
-
MD5
c8df5e6047cd338743e32c7e79067a45
-
SHA1
848cdb2e9b7415ca7689b74ffd076fb92a8637a4
-
SHA256
5111f4fa05b89a9d727c4686485acedc16553a7715fd36776c68972acf8e5382
-
SHA512
c18533cd152b2ea6c395d6224f0dcbc73f3583bb4b8b902cf967c906a5c5df634976741a9f90977fa05e487277d79c4ac7e85f5216921f4c78bde1abd7f36436
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-