General
- Target: 12-4.exe
- Size: 1.4MB
- Sample: 201205-2k9kfxegkx
- MD5: 86e9f171ca095286ac610deaf54c7667
- SHA1: ea152559408d3ce06448b654fd9e79b843ad6975
- SHA256: 37cfb7fb31732401d50f7f17c28fbea5997ef4a7236ce89f37dc57675a76b23f
- SHA512: 7c1e51c851e03cd06ebe619b908e3eb133cc291d843909154067019b32ca9919a8323327d8f6527aa36be68630f3ed15dc5c1afa3b4c73157750916abe5f79f2
Static task: static1
Behavioral task: behavioral1 (Sample: 12-4.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: 12-4.exe, Resource: win10v20201028)
Malware Config
- Extracted: formbook
Targets
- Target: 12-4.exe
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Formbook Payload
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Suspicious use of SetThreadContext