General
Target: DHL Shipment Doc.ace
Size: 522KB
Sample: 220126-t11dyafcak
MD5: 5a373f74560ea6482666152dbcd6f5c6
SHA1: 58754c2e1388cb35991369f4868409fe207fabe0
SHA256: 392d53e0df22582568a42204601870498810ad743786731f45e7850f8761d6f7
SHA512: 1adc29e6dc463dc7727cfc0cabb0e68d2e71f0eddb8caf3c474418a9b35a520746551fd849aaf03ac35f49e85c11ea30e32536dee1b77781c9fc0a5d49f2188c
Static task: static1
Behavioral task: behavioral1
Sample: DHL Shipment Doc.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: how6
Domains:
wealthcabana.com
fourfortyfourcreations.com
cqqcsy.com
bhwzjd.com
niftyfashionrewards.com
andersongiftemporium.com
smarttradingcoin.com
ilarealty.com
sherrywine.net
fsecg.info
xoti.top
pirosconsulting.com
fundapie.com
bbgm4egda.xyz
legalfortmyers.com
improvizy.com
yxdyhs.com
lucky2balls.com
panelmall.com
davenportkartway.com
springfieldlottery.com
pentagonpublishers.com
icanmakeyoufamous.com
40m2k.com
projectcentered.com
webfactory.agency
metronixmedical.com
dalingtao.xyz
functionalsoft.com
klopert77.com
cortepuroiberico.com
viavelleiloes.online
bamedia.online
skolicalunjo.com
kayhardy.com
excellentappraisers.com
sademakale.com
zbycsb.com
empirejewelss.com
coached.info
20215414.online
dazzlehide.com
swickstyle.com
specialtyplastics.online
noordinarysenior.com
bluinfo.digital
chuxiaoxin.xyz
adwin-estate.com
girlwithaglow.com
auctions.email
topekasecurestorage.com
mountain-chicken.com
lhdtrj.com
mhtqph.club
solatopotato.com
mecitiris.com
hotrodathangtrungquoc.com
gapteknews.com
mantraexchange.online
cinematiccarpenter.com
wozka.xyz
car-tech.tech
jssatchell.media
joyokanji-cheer.com
floridanratraining.com
Targets
Target: DHL Shipment Doc.exe
Size: 817KB
MD5: 53af702f438bffc2adb85ae9f5b8c879
SHA1: e6aae502e5ea273f1367efd874bf44745d409549
SHA256: 95ebd87f0d2e1ef1fdbf4e35290a0e9deb65b021acf657e396e960142e80eedb
SHA512: 4e67eaaff0c8c2297b2f31040debf32b74048aa7deb8bb9498368d19966108400c12592b55e0a29bd173271b6b8d120fac5b2d1096cf318cf7edcba1527e1283
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext