General
Target: Scan 25112020 pdf.exe
Size: 1.1MB
Sample: 201125-qxj4q5t8ns
MD5: 3bf7d6e52f705caf7c60c80f3924b6a5
SHA1: 02f8bbb4c029ab6f87deff90c7d4617fbca5b493
SHA256: 894f564c6c023c4baf66d72f13578bbfcd992b21f42f3f732887933d438ddbb7
SHA512: 9a0630f62b593653c4cb96eb32fed3f284f9c139cc503ae21b228dd11854b2736d1e7900d3273a72cf27d0518cddaf0fa4e57aba3b4779c267a92686060827e9
Static task: static1
Behavioral task: behavioral1
Sample: Scan 25112020 pdf.exe
Resource: win7v20201028
Malware Config
Extracted: formbook
http://www.lupipins.com/cxs/
hempfor.pro
jadavjilalji.com
parekhbrothersjewellers.com
soapsandcandle.com
slingshotde.com
alidesiro.com
78500975.xyz
mindfx.club
miyashita-geka-2.com
thescentofstyle.com
collegiatecoronavirus.com
techewa.com
liteletherapy.com
mbenguist.com
divorcetemeculalawyer.com
halostreams.net
brutus1.com
thenewdadbody.com
coppermines.net
henryciencias.com
treecipes.com
enchifran.com
damrcf.com
themoscowhub.com
proguard.solutions
springcreektowersny.com
miamipornstars.com
asapskins.com
2dryfog.com
xqkhym.com
dream11t20ipl.com
victoriagoh.com
functionsdesign.com
peaceloveheroes.com
tomcavanaughwriter.com
upcas.info
gplauze.com
prosperousroads.com
thekenyanshopper.com
northamericanbaitcompany.com
grannyfans.com
renemego.com
zsintion22.com
thedowscones.com
howtoreachfinancialfreedom.com
wwmllt.com
app-promocional.com
powerglidertours.com
fivearide.com
youarecoveredamerica.com
dlpsdz.com
deviceskills.online
blacadvisors.net
camilleauzerau-coaching.com
8600studio.com
gathermix.com
freefamsha.com
logcabinspaceship.com
marauder.tech
wowogrou.com
yuhmiao.com
am2a-w12.com
anfang1718.com
vmdpqbx.icu
Targets
Target: Scan 25112020 pdf.exe
Size: 1.1MB
MD5: 3bf7d6e52f705caf7c60c80f3924b6a5
SHA1: 02f8bbb4c029ab6f87deff90c7d4617fbca5b493
SHA256: 894f564c6c023c4baf66d72f13578bbfcd992b21f42f3f732887933d438ddbb7
SHA512: 9a0630f62b593653c4cb96eb32fed3f284f9c139cc503ae21b228dd11854b2736d1e7900d3273a72cf27d0518cddaf0fa4e57aba3b4779c267a92686060827e9
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Formbook Payload
- ModiLoader First Stage
- Deletes itself
- Suspicious use of SetThreadContext