General
-
Target
3b9835f6e3d5fd46701146e248b31235.exe
-
Size
1.1MB
-
Sample
201221-r7l373j1gx
-
MD5
3b9835f6e3d5fd46701146e248b31235
-
SHA1
9df56a241742199811b8ce0e26cf01982f001690
-
SHA256
8ffbefabdee1ed26446ccf3729a50b4ced8428476f68c5070837faf97bcb4161
-
SHA512
143ff8a920545b16d315929f3a2b527df9ce1c8804c1f461cf7c3366a058c43e368869b7c0f8d86ea542ccb3a0ea58c8a0536667be3f1d6ac5be07d03dc4acf8
Static task
static1
Behavioral task
behavioral1
Sample
3b9835f6e3d5fd46701146e248b31235.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
3b9835f6e3d5fd46701146e248b31235.exe
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.herbmedia.net/csv8/
slgacha.com
oohdough.com
6983ylc.com
aykassociate.com
latin-hotspot.com
starrockindia.com
beamsubway.com
queensboutique1000.com
madbaddie.com
bhoomimart.com
ankitparivar.com
aldanasanchezmx.com
citest1597669833.com
cristianofreitas.com
myplantus.com
counterfeitmilk.com
8xf39.com
pregnantwomens.com
yyyut6.com
stnanguo.com
fessusesefsee.com
logansshop.net
familydalmatianhomes.com
accessible.legal
epicmassiveconcepts.com
indianfactopedia.com
exit-divorce.com
colliapse.com
nosishop.com
hayat-aljowaily.com
soundon.events
previnacovid19-br.com
traptlongview.com
splendidhotelspa.com
masterzushop.com
ednevents.com
studentdividers.com
treningi-enduro.com
hostingcoaster.com
gourmetgroceriesfast.com
thesouthbeachlife.com
teemergin.com
fixmygearfast.com
arb-invest.com
shemaledreamz.com
1819apparel.com
thedigitalsatyam.com
alparmuhendislik.com
distinctmusicproductions.com
procreditexpert.com
insights4innovation.com
jzbtl.com
1033325.com
sorteocamper.info
scheherazadelegault.com
glowportraiture.com
cleitstaapps.com
globepublishers.com
stattests.com
brainandbodystrengthcoach.com
magenx2.info
escaparati.com
wood-decor24.com
travelnetafrica.com
Targets
-
-
Target
3b9835f6e3d5fd46701146e248b31235.exe
-
Size
1.1MB
-
MD5
3b9835f6e3d5fd46701146e248b31235
-
SHA1
9df56a241742199811b8ce0e26cf01982f001690
-
SHA256
8ffbefabdee1ed26446ccf3729a50b4ced8428476f68c5070837faf97bcb4161
-
SHA512
143ff8a920545b16d315929f3a2b527df9ce1c8804c1f461cf7c3366a058c43e368869b7c0f8d86ea542ccb3a0ea58c8a0536667be3f1d6ac5be07d03dc4acf8
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader First Stage
-
Xloader Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-