General
-
Target
DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
-
Size
17KB
-
Sample
220221-ef9pjsfafm
-
MD5
23c8ac1dece030f7b6a967116135a2bd
-
SHA1
fcd3afc6427bf06794a34ba8fa8101a210d83453
-
SHA256
0abb22830a161d2009ae8067a6807250990022c039c3006dc13b3ca4af789f67
-
SHA512
0027b3b16d9b0f9fce4416264f1999d1b5ba97b27a7a807858745f81cde0b581a2e2d8a5449067b435b06f1f2a64cb512196d34aac15ea617ec8da8c894bbbf2
Static task
static1
Behavioral task
behavioral1
Sample
DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
xloader
2.5
po6r
jnhuichuangxin.com
mubashir.art
extol.design
doyyindh.xyz
milanoautoexperts.com
4thefringe.com
453511.com
sellathonautocredit.com
velgian.com
6672pk.com
wodeluzhou.com
sumiyoshiku-hizaita.xyz
imoveldeprimeira.com
dgjssp.com
endokc.com
side-clicks.com
cashndashfinancial.com
vanhemelryck.info
agamitrading.com
woofgang.xyz
atnetworkinc.com
malleshtekumatla.com
com-home.xyz
buildyourmtg.com
viairazur.xyz
drproteaches.com
amaznsavings.com
karencharlestonrealtor.com
bootstrategy.com
mimtgexpert.com
sebzvault.com
brtaclub.com
gicarellc.com
annehonorato.com
rafalgar.com
bergenyouthorchestra.com
entrevistasesenciales.com
thekneedoctors.com
grosseilemireal.estate
celestialdrone.art
bouwdrogerhurenvlaanderen.com
koppakart.com
irishykater.quest
blinglj.com
editorparmindersingh.com
klnhanced.quest
divinebehaviorsolutions.com
amprope.com
futuracart.com
ditrhub.com
eaoeducationprogramme.com
smartplumbing.services
revelandlaceevents.com
bikedh.xyz
pacificdevelopmentstudio.com
palisadesskivacation.com
happy-pets.xyz
killyourselfnigger.com
sonicdrillinginstitute.com
alibabascientific.com
sh-leming.com
aseelrealestate.com
lohmueller.gmbh
ngoccompany.com
healthonline.store
Targets
-
-
Target
DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
-
Size
17KB
-
MD5
23c8ac1dece030f7b6a967116135a2bd
-
SHA1
fcd3afc6427bf06794a34ba8fa8101a210d83453
-
SHA256
0abb22830a161d2009ae8067a6807250990022c039c3006dc13b3ca4af789f67
-
SHA512
0027b3b16d9b0f9fce4416264f1999d1b5ba97b27a7a807858745f81cde0b581a2e2d8a5449067b435b06f1f2a64cb512196d34aac15ea617ec8da8c894bbbf2
-
Modifies WinLogon for persistence
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Suspicious use of SetThreadContext
-