General
-
Target
DHL Notification_pdf.exe
-
Size
922KB
-
Sample
221201-n2w51sea52
-
MD5
2e20cd4c0bacb0215d89790119b4c07d
-
SHA1
2296db4bde732ee09af6e61b6796835eca3f22fd
-
SHA256
c531fabadc6804c5ec1a9d2741e8e3a1366baca83b70acac740b9996489df4bd
-
SHA512
c4ee37f3d87ce9715bf6b17c518d89186d9e13a989762d031e100285df585c2c0e04ca3177ddd25d36733763cb2cd7c41f56ec2d8d9cf467bd1d04caa8abb4cd
-
SSDEEP
12288:3iK6qU+EZX8KtiKtNGrPF7AcIzqwDGWxGGYN1Kj+4EO1p49wDdzoa1cfN:yK+RF5NqOcJwnAGYc+RO1m9wDdEPf
Static task
static1
Behavioral task
behavioral1
Sample
DHL Notification_pdf.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
DHL Notification_pdf.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
formbook
4.1
j17j
playphf.live
solarthinfilmtec.com
gdhaoshan.com
posh-designs.com
369andrewst.com
doverupblications.com
hengshangmei.com
decungo.com
checksinthemaiil.com
4localde.com
wetakeoveryourhousepayments.com
overcharge-center.com
mmmmmboulder.com
almaszarrin.net
enterpriseturkey.com
lanierfurniture.com
lhzb726-gw021.vip
onuiol.com
dmitrytodosyev.com
117uuu.com
amantrading.net
speechcraft.site
precetpsdigital.com
specialeventsemail.net
rainbowagency.net
keswickhorse.site
yingchiyc.com
bookandcrackle.com
deveauwedding.com
ponigyi.online
yanabaservices.com
queersitive.com
physicallyeducated.com
cccamipto.club
intelifaqs.com
kailashbus.com
4thgencontractors.online
doblesworld.net
buddler.online
mimiskloset.com
digiskies.tech
shyzb.net
updateberitaviral.xyz
digitaljalalu.com
sesac.online
estudiomaof.com
kominka-japan.com
stickatpocket.store
olianon.com
sdnuohai.com
abdulrahmanjamal.com
eroptik.online
dienlanhbienhoa24h.com
britishlogs.com
getmoregadgets.com
defiloyalties.com
supremocintrol.com
lianci.ren
kujiajia.buzz
uula.shop
s-roof.com
kedsdance.com
timeremotejob.com
sulamat.com
downvidro.net
Targets
-
-
Target
DHL Notification_pdf.exe
-
Size
922KB
-
MD5
2e20cd4c0bacb0215d89790119b4c07d
-
SHA1
2296db4bde732ee09af6e61b6796835eca3f22fd
-
SHA256
c531fabadc6804c5ec1a9d2741e8e3a1366baca83b70acac740b9996489df4bd
-
SHA512
c4ee37f3d87ce9715bf6b17c518d89186d9e13a989762d031e100285df585c2c0e04ca3177ddd25d36733763cb2cd7c41f56ec2d8d9cf467bd1d04caa8abb4cd
-
SSDEEP
12288:3iK6qU+EZX8KtiKtNGrPF7AcIzqwDGWxGGYN1Kj+4EO1p49wDdzoa1cfN:yK+RF5NqOcJwnAGYc+RO1m9wDdEPf
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-