General
Target: DHL Document.exe
Size: 780KB
Sample: 220128-zsqsesddfj
MD5: c66df8b380d1db550cb5f0bc5ded67d7
SHA1: 080556dec75ae3a4a844fcad0419d9c533c0c0d5
SHA256: 6fc6d0526995ef4c7ab87e092759ef93e84495a8c71b9ec36b924bcf7c2fa75c
SHA512: f61d9cf4bbfb99c3cfaa641e7f37e8591b471bf851ea365ba508817812d0d685cab55b8502c3d30c05296f6710a16449d448265e36a2ff1f9ba089e56c3b7a56
Static task: static1
Behavioral task: behavioral1
Sample: DHL Document.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: how6
C2 domain list (65 entries) omitted
Targets
Target: DHL Document.exe (780KB; hashes as listed under General)
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext