General
-
Target
4cb2041db0a8696f1853543f5c03b89a.exe
-
Size
850KB
-
Sample
210112-nhy7qn7fle
-
MD5
4cb2041db0a8696f1853543f5c03b89a
-
SHA1
aaa3e737d72504340eeb6111d7d51c8a7e37efe2
-
SHA256
04e7f27915298f09a1486331df3f0e5121e4a7856f41290f48200255b8b82df8
-
SHA512
2d4a07afc9dbb6c1f81c5e6f16c51763f2fd42bba2e77c0310b17ee949aad3e88562e5d13f77c13449585ddd2918512e80b8735e9fbf7155826ee39d566d938a
Static task
static1
Behavioral task
behavioral1
Sample
4cb2041db0a8696f1853543f5c03b89a.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.thesiromiel.com/kgw/
valentinakasu.com
soyelmatador.com
collaborativeprosperity.com
power8brokers.com
nexus-ink.com
manpasandmeatmarket.com
the-ethical-forums.today
maryannpark.com
bikininbodymommy.com
pxwuo.com
bigbangmerch.com
okaysinger.com
shopcarpe.com
rainbowhillsswimclub.com
crifinmarket.com
ebl-play.net
forceandsonsequipment.com
viagraytqwi.com
latashashop.com
suffocatinglymundanepodcast.com
metanoria.com
camera-kento.com
hotsaledeals.store
outlawgospelshow.com
saisaharashipping.com
buyiprod.com
pestigenix.com
opendesignpodcast.com
patentml.com
covaxbiotech.com
youjar.com
domvy.xyz
remodelmemphis.com
milehighdistributionllc.com
merchandisingpremium.com
fallguysmovile.com
actuelburo.xyz
nedlebow.com
shopcryptocurrency247.com
riellymoore.com
affinitymotorsales.com
akmh.pro
hsrrxs.com
atlanticdentallab.com
sagarpantry.com
murinemodel.com
karybeautycare.com
boshangkeji.com
dailynewstodays.com
oregonpyramids.com
dsjmzyz.com
gidagozlemevi.com
tribelessofficial.com
cyberonica.com
onehourcheckout.com
tenaflypedatrics.com
nbworldfire.com
setyourhead.com
manticore-habitat.com
iqftomatoes.com
fejsearesete.com
gregsgradeaappliancerepair.com
sfmfgco.com
directprnews.com
Targets
-
-
Target
4cb2041db0a8696f1853543f5c03b89a.exe
-
Size
850KB
-
MD5
4cb2041db0a8696f1853543f5c03b89a
-
SHA1
aaa3e737d72504340eeb6111d7d51c8a7e37efe2
-
SHA256
04e7f27915298f09a1486331df3f0e5121e4a7856f41290f48200255b8b82df8
-
SHA512
2d4a07afc9dbb6c1f81c5e6f16c51763f2fd42bba2e77c0310b17ee949aad3e88562e5d13f77c13449585ddd2918512e80b8735e9fbf7155826ee39d566d938a
-
Formbook Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-