General
-
Target
DHL Consgnment Notification_pdf.exe
-
Size
814KB
-
Sample
221128-jfamnsbe8t
-
MD5
eccc5475dd661be20724e6b8a131f664
-
SHA1
adbd86d7ccdab284d0080f0a08e3d426a8df21b8
-
SHA256
5868cacef685463a6d4ff4d34f487d09e844511fd4d0f22b4c7ab00a92a2818a
-
SHA512
f61dfbb25c44e9bcc5334b95c1c54c2275876ee50610995dfda2fc6090b9b05e5da66831d288b53e313b6c1aec4b0e24d001792425965914eb03f6d6bdfd19c6
-
SSDEEP
12288:vFyMNTl159j9G9+a3DY366UqXbAyBWWapIg95lvTHRyoY:3b1XZGAaT56VrAyepIgvpjRpY
Static task
static1
Behavioral task
behavioral1
Sample
DHL Consgnment Notification_pdf.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
4.1
g28p
Targets
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-