General
Target: dhl Shipment of Original Documents.7z
Size: 384KB
Sample: 220405-xprt7sfaeq
MD5: 201427b56826da739af4ac6224685aa2
SHA1: 65ec9fce281a5a584f97f5a4ad2ba6607f4b4687
SHA256: d40e7bfcb2c388e14ec03a7318cf1a66fb6b3ee43f065bf71ac60e40e28f2f82
SHA512: 64e405fde8dfe2a694af0e935178eac01b457396fefa8087f00a8e8eadc026f19271029796ae4ab41f11b0d01b096c3f03aff9bfa5e32a6986c9d140b9ab9b87

Static task: static1
Behavioral task: behavioral1
Sample: dhl Shipment of Original Documents.exe
Resource: win7-20220331-en

Malware Config
Extracted
xloader
2.5
n8bs
Targets
Target: dhl Shipment of Original Documents.exe
Size: 553KB
MD5: a82c07f002aa3512a000eecebf425af6
SHA1: f21fed9c74a59cb2ca81a9ac0d32253c0e80b77b
SHA256: 48642cfdf59906d5b22ec805f79b953e37a44d4dad2bef8b55e5155dfe92ad55
SHA512: fdde17438c1c68361acc91f89bf77d8ab1d74ad55a9eb4fab62499aacb0085b8fdf137463c0ee70d6b3735632351589923261ffdccb8ac3a8997979887aebc66

suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Suspicious use of SetThreadContext