General
Target: DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
Size: 24KB
Sample: 220218-we6d6scgd4
MD5: bde4dfd451afa6d4c05a461aa7a7a8f0
SHA1: 8a7073c182c5d082c39606261f27385c687eb72a
SHA256: 222ec0d11854ff17251acc457268745b9a0cc3e94c6e6534aa4a8476e713a231
SHA512: 7b8bda162d8db7b96a8e57d304f57d4386112ff25d86b7398963f194e4b047c0e37737095f296dd147212790aa7280d77ef85f3fc6e7956ef5b6135c20bd7b08
Static task: static1
Behavioral task: behavioral1
  Sample: DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: po6r
Decoy domains:
jnhuichuangxin.com
mubashir.art
extol.design
doyyindh.xyz
milanoautoexperts.com
4thefringe.com
453511.com
sellathonautocredit.com
velgian.com
6672pk.com
wodeluzhou.com
sumiyoshiku-hizaita.xyz
imoveldeprimeira.com
dgjssp.com
endokc.com
side-clicks.com
cashndashfinancial.com
vanhemelryck.info
agamitrading.com
woofgang.xyz
atnetworkinc.com
malleshtekumatla.com
com-home.xyz
buildyourmtg.com
viairazur.xyz
drproteaches.com
amaznsavings.com
karencharlestonrealtor.com
bootstrategy.com
mimtgexpert.com
sebzvault.com
brtaclub.com
gicarellc.com
annehonorato.com
rafalgar.com
bergenyouthorchestra.com
entrevistasesenciales.com
thekneedoctors.com
grosseilemireal.estate
celestialdrone.art
bouwdrogerhurenvlaanderen.com
koppakart.com
irishykater.quest
blinglj.com
editorparmindersingh.com
klnhanced.quest
divinebehaviorsolutions.com
amprope.com
futuracart.com
ditrhub.com
eaoeducationprogramme.com
smartplumbing.services
revelandlaceevents.com
bikedh.xyz
pacificdevelopmentstudio.com
palisadesskivacation.com
happy-pets.xyz
killyourselfnigger.com
sonicdrillinginstitute.com
alibabascientific.com
sh-leming.com
aseelrealestate.com
lohmueller.gmbh
ngoccompany.com
healthonline.store
Targets
Target: DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
Size: 24KB
MD5: bde4dfd451afa6d4c05a461aa7a7a8f0
SHA1: 8a7073c182c5d082c39606261f27385c687eb72a
SHA256: 222ec0d11854ff17251acc457268745b9a0cc3e94c6e6534aa4a8476e713a231
SHA512: 7b8bda162d8db7b96a8e57d304f57d4386112ff25d86b7398963f194e4b047c0e37737095f296dd147212790aa7280d77ef85f3fc6e7956ef5b6135c20bd7b08
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Xloader Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext