General
-
Target
16072024_1535_16072024_DHL_UOC2_240708172813545.pdf.z
-
Size
570KB
-
Sample
240716-s1ralasbre
-
MD5
2eeaed47e2728788a89a6e53fa5f8aed
-
SHA1
4d6e6530b3fed602a57f83789c9732146f09888c
-
SHA256
fc46187003aa1a9985cee2654c50b04faa8167ac6f2e0a18234707fc7b8414af
-
SHA512
4fe4acdd14751358512a6b2213733400faeb0209fecde31250a866e07d46bbf1b53e6ccba8ce9ab60d4fe1d2972b655b1870995633d6c37e02ad78cf02a10653
-
SSDEEP
12288:Yn0MU5FtH6rPendz7ovrYa2zxCBDdFAfNdlMVp0dAgr1n+jme/lo:w/U5FtHgK/kEyPAf5GCkFo
Static task
static1
Behavioral task
behavioral1
Sample
DHL_UOC2_240708172813545.pdf.exe
Resource
win7-20240704-en
Malware Config
Extracted
formbook
4.1
rn94
st68v.xyz
conciergenotary.net
qwechaotk.top
rtpdonatoto29.xyz
8ad.xyz
powermove.top
cameras-30514.bond
vanguardcoffee.shop
umoe53fxc1bsujv.buzz
consultoriamax.net
hplxx.com
ndu.wtf
yzh478c.xyz
bigbrown999.site
xiake07.asia
resdai.xyz
the35678.shop
ba6rf.rest
ceo688.com
phimxhot.xyz
010101-11122-2222.cloud
champion-casino-skw.buzz
laku77.bar
popumail.net
stargazerastrology.click
beauty.university
t460.top
sparkyos.app
day2go.net
minrungis.shop
cognigrid.com
abandoned-houses-39863.bond
liderparti.store
hinet.tech
moviemax.live
business-printer-22001.bond
yakintv.pro
longmaosol.xyz
hello4d.dev
vestircool.store
surpriseinside.net
betflixfan.asia
ln2m1.shop
5302mcavt.website
conf-contact.online
31140.ooo
bdkasinoxox.xyz
nicoleb.tech
mainz-cruise-deals.today
run-run.tokyo
practicalfranchises.info
usmanovbanki-uz.space
superlottery.top
zabbet911.bet
ambassadorshipvottings.click
sangforln.tech
expertoffersusa.lat
plong.cloud
cryptoautomata.dev
dq33xa.xyz
handtools-16660.bond
24763wbk.hair
sportswear-30530.bond
lusuidnx.shop
laske.xyz
Targets
-
-
Target
DHL_UOC2_240708172813545.pdf.exe
-
Size
1.0MB
-
MD5
2465ce9d09372c4daf8a9d6d36c11915
-
SHA1
08e205473e1bf912fe01e7183cc4e7f880f0e86c
-
SHA256
fa9ea4e8935d55eb5ef1846b525f02572e147be07c11588e55475e1d7a173676
-
SHA512
137e60039c82e7ace769a7914050b0dd7152a57780f4dcb7e6df0ad818fe38f45b2fc0e1ff4eb0d2f0d86cbc6fb0b1cdb74aafb224709755c390a2c390f5fed4
-
SSDEEP
24576:EAHnh+eWsN3skA4RV1Hom2KXMmHa4N1hfjVEc5:Th+ZkldoPK8Ya4NvbVX
-
Formbook payload
-
Blocklisted process makes network request
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-