General

Target: Scan0198DHL-pdf.iso
Size: 442KB
Sample: 220127-hnnzlahafr
MD5: e34ccab4edbbdaa34e2acc66fd982f2c
SHA1: 633d28c743b48d7bac1e4f9a939596a2869d5d43
SHA256: b085e2188664b7699e817d28ebd248569e6981c21cf7efcdabb20532c47dc88a
SHA512: 810e45a4ab5b138f5dc0a70b57c371ab564b2b975bebbfedb11a1bffb11bb84e03e24dbf606a04bdf427e28df5fcbdb3164f7e2e5ab6779599c05e41144b8886
Static task: static1
Behavioral task: behavioral1 (sample Scan0198DHL-pdf.exe, the executable carried inside the ISO; resource win7-en-20211208)
Malware Config

Extracted
Family: xloader
Version: 2.5
Campaign: pout
C2 domains:
leadergaterealty.com
k7bsz.info
laidjapp1.com
eastcountytaxi.com
betterlife-uae.com
materaiku.com
chanhxebinhthuan-hcm.online
06gjm.xyz
67t.xyz
here-we-meet.com
screened-articletoseetoday.info
lucykg.club
mujdobron.quest
susakhi.com
funtabse.com
unlimitedpain.com
2ed58fwec.xyz
weighttrainingexpert.com
allisonsheillax.com
yektaburgers.com
altijdstoer.info
airemspapartments.com
videomuncher.com
centerstagedrama.com
nikkou-toy.store
arequipesymerengues.com
haishandl.com
fy2zy5.com
mailheld.digital
sheepysage.com
fabricadocredito.com
siq212.com
moo-coo.com
hoomxb.net
6s2.space
rsholding.net
castellanacustomboats.online
tremblock.com
ramblingkinkster.com
teamsooners.club
onlinecasino-univ.com
dash8board.com
aichuncha.com
springhilllawn.com
zgluke.com
happynft.agency
urbanempireapparel.com
guanyiren.com
biglotteryking.com
marionkgregory.store
mujeresyaccion.com
smcusa.net
mayyon.net
vivibanca.website
15dgj.xyz
miabossjewelry.com
ideeperloshopping.cloud
healizy.com
huvao.com
huggsforbubbs.com
radiomacadam.online
firirifilms.com
knowhorses.com
chickenbeetlebooks.com
transtarintl.com
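The domain list above is the practical output of this report: an XLoader/FormBook config embeds a long list of domains of which only a few are live C2 at any time, the rest being decoys (often legitimate sites), so a resolver log hit on any of them is a lead to investigate, not proof of infection on its own. The following is an added example, not part of the sandbox report, showing how to sweep DNS query logs for these domains with label-wise suffix matching, so that www.leadergaterealty.com matches but notleadergaterealty.com does not. The domain subset is copied from the config above; the log format and log lines are constructed for the example.

```python
"""Sweep DNS query logs for the C2 domains in the extracted xloader config.

Added example, not code from the sandbox report. The domains are copied
from the report's Malware Config (a subset; extend with the full list).
The log lines and their "timestamp client qname" layout are constructed.
"""
from typing import Iterable, List, Optional, Set, Tuple

# Subset of the C2 domains from the report's xloader 2.5 / campaign "pout" config.
XLOADER_C2: Set[str] = {
    "leadergaterealty.com",
    "k7bsz.info",
    "laidjapp1.com",
    "eastcountytaxi.com",
    "06gjm.xyz",
    "67t.xyz",
    "transtarintl.com",
}

# Constructed sample log: one query per line, "timestamp client qname".
SAMPLE_DNS_LOG = """\
2022-01-27T10:01:02Z 10.0.0.15 www.microsoft.com
2022-01-27T10:01:05Z 10.0.0.15 www.leadergaterealty.com
2022-01-27T10:01:06Z 10.0.0.15 notleadergaterealty.com
2022-01-27T10:01:09Z 10.0.0.22 67t.xyz.
2022-01-27T10:02:11Z 10.0.0.22 mail.k7bsz.info
"""


def normalise(qname: str) -> str:
    """Lower-case the name and drop the trailing root dot some resolvers log."""
    return qname.strip().rstrip(".").lower()


def matching_c2(qname: str, c2: Set[str] = XLOADER_C2) -> Optional[str]:
    """Return the C2 domain that qname equals or is a subdomain of, else None.

    Matching walks the DNS labels from the left, so only a whole-label suffix
    counts: "notleadergaterealty.com" is not a hit, whereas a naive
    str.endswith() check would wrongly flag it.
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in c2:
            return candidate
    return None


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, client, matched_c2) for every query that hits the list."""
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:  # skip blank or malformed lines
            continue
        ts, client, qname = parts
        c2 = matching_c2(qname)
        if c2 is not None:
            hits.append((ts, client, c2))
    return hits


if __name__ == "__main__":
    for ts, client, c2 in scan_dns_log(SAMPLE_DNS_LOG.splitlines()):
        print(f"{ts} {client} queried {c2}")
```

Run against the constructed log this reports three hits (two from 10.0.0.15 and 10.0.0.22 on leadergaterealty.com and k7bsz.info, plus the bare 67t.xyz query) and correctly ignores the lookalike. Because the config mixes decoys with real C2, correlate any hit with the HTTP "FormBook CnC Checkin" pattern the Suricata signature below fires on before calling the host infected.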
Targets

Target: Scan0198DHL-pdf.exe
Size: 381KB
MD5: 8656201f1f8783272ae26af18738b3be
SHA1: 8e58965b093a142c39972f3e20f6e68668f1ff35
SHA256: d3ff7ff9f8508bfdba95e8f26e0f4a31fc2c12376248de452e2d6fc349abc870
SHA512: edc48617d537138cbef5c21b11c85c6409371c0fc0b7fd6da897f17193dbe8d7650f11419fa82daedf637b0125655307fcb39ef7121fc12f5c7da9d037d79338

suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext