General
- Target: DHL Express.exe
- Size: 248KB
- Sample: 220127-qeyfnsdbhj
- MD5: bba45c96ad4627c4c0b1f25fb7a23c7a
- SHA1: 6f9c219a08aca7c57f6add9d8a730be6178713c6
- SHA256: d80690916721f1f23e0c913d3f6c71428464e8141a49763c75e450ef21d984e8
- SHA512: 4b823ce229d01060b72ea7ace20d81c9be83462af38c29fad0de9ae493c4db18ae2dbaa53cbb32086082b83246d6467a4a7c81bebf016bdd00c303aaa44a0e31
Static task: static1
Behavioral task: behavioral1
- Sample: DHL Express.exe
- Resource: win7-en-20211208
Malware Config
Extracted: xloader 2.5 (3a4h)
Domains:
mohamedmansour.net
asap.green
influxair.com
45mpt.xyz
cablerailingdesign.com
salesdisrupter.com
cxfarms.com
enerconfederal.com
pl1x.top
nyoz.top
fitnesz.website
minimi36.com
borealiselectricalrepair.com
miskalqurashi.com
importacionesdelfuturo.com
cigfinanacial.com
luxamata.xyz
digicoin724.com
gozabank.com
tribal-treasures.com
hose.center
myzipe.com
cqi2zp.biz
prodello.com
faciso.com
budgethoortoestellen.info
toddlyonsfishing.com
phhmrotgage.com
wcf888.xyz
paypal-caseid194.com
bobstranz.com
aerthlabel.com
echotrailliving.com
dysmict.com
ijoimr.com
excellentcreation.store
at-commercial-co.com
aeczpx99pxgd.biz
khuj1.com
reactivephysiorehab.com
trup.club
barber-king.online
shippingcontainerhomeus.com
sumanita.network
alyssaandrobert2022.com
greatamericanlandworks.com
fortlauderdalepartyboats.com
lqmrfw.com
industrionaires.com
potholepatrol.club
lagardeningsolutions.com
bigceme3.com
rebuildgomnmf.xyz
chimneysweepdetroit.com
tucochepordinero.com
companyintel.systems
xn--snabbtkrkortonline-j3b.com
fermentvmkwjm.online
cnywocean.com
tadrosmortgages.com
healthylifefit.com
smartcapitalpay.online
hiratasistemaseassociados.com
nowidza.com
oshirohego.com
Targets
- Target: DHL Express.exe (248KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext