General
Target: DHL DELIVERY.exe
Size: 699KB
Sample: 220705-pnbgtsbad2
MD5: 41884124cba96ed594a4ce06c09d8112
SHA1: c2aef6ea5658805d6e024a0a10d1fa615c671999
SHA256: fefd6d62f375b77450e01cab4eb17a9e811d975984c67935e5d75b9d6f067e7b
SHA512: dc96cec235cb493f9e1e28a473d7d10a13f05fe8bf926a1d3c7ab02f71a2177605568762d700b34ccb42956f3868f19c14ea13dfcbef4badd0e4a1f552808dad
Static task: static1
Behavioral task: behavioral1
Sample: DHL DELIVERY.exe
Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.8
pjeg
cannulapp.com
Targets
Target: DHL DELIVERY.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Xloader Payload
- Adds policy Run key to start application
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext