General
-
Target
DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
-
Size
17KB
-
Sample
220220-ve5bfacfhq
-
MD5
aeaddb6a276a6dff4f24b8588c5e67f8
-
SHA1
00bb4c75c0227f965bc76bd2bef1a4aca9687d30
-
SHA256
b04aa6e695c5275ae754bd61c9f45bc3ebdfcc8aed769fae0d744284d072b15e
-
SHA512
47fefb178984e1eb736e17d78ee2ea1f269e7306f6c0b192b31748af3db33ef91d9d6213cfd96391fdaf71c00d9612a6d10012f4d2dc3f5707ca3de8eeb8fc01
Static task
static1
Behavioral task
behavioral1
Sample
DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
po6r
Targets
-
-
Modifies WinLogon for persistence
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Suspicious use of SetThreadContext
-