General
- Target: Listings.exe
- Size: 1.0MB
- Sample: 210112-pkbmqp31ya
- MD5: 8e52804cdbda6301ebcc8305e29a7adb
- SHA1: 08a307e9beac8a1d92bf0f48b61e3d4cbf00bae1
- SHA256: 64ec03c92b5fbbb63420e370ff8f879454ddd61c88f3ff41e2f5ce09eabab5f2
- SHA512: 294156442c6bd4a3d782c07070088fcd901b26b4bceac439c5d77d21f5028548b53f5aaf9c7f75eda78e8856a92c6a2e994b4c29965a4597a69ad4b29e18a745
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample: Listings.exe, resource: win7v20201028)
Malware Config
- Extracted family: formbook
- URL: http://www.xn--fteagency-l4a.com/kta/
- Domains:
westside-protection.com
masurparty.com
empreendendonlline.com
tldojj.com
aboveground.farm
a5malaysia.com
guchuanjiu.com
freshdogsfood.com
wownewsclub.icu
rosanegarcia.com
hairstyletrending.com
myworld4shop.com
studioexplit.com
rivercityelec.com
andreahendersonrealty.com
matsallen.com
kaeclothingco.com
physicshut.com
tianwz.com
pcstrategies.com
softlinks.net
massagepillow.host
arightcunt.com
nanakomatsu.com
uoudo.com
kamustogel.info
thecenturionsboy.com
ne-accessibletransport.com
stoetzel.net
erdostrading.com
matikxc.com
vibinphoto.com
svirskydesign.com
vafenceco.net
learningadvisers.com
scherleitner.com
hotel-delmar.com
tiamias.com
parkdasom.com
rapidosgarcia.com
18d66bae1a33.info
hhhtszyht.com
ufukhukuk.com
tipsnstones.com
furtheless.website
tinysender.com
stcshosting.com
allterdsmatter.com
olenfex.com
rishangmenye.com
steveharpercounseling.com
vaishalisatelier.com
firstcontinentalfood.com
everyome.com
ssgaqia.com
santaananursinghomeabuse.com
andreadeangelis.net
magnetics-lashes.com
timelessdawn.com
inyathiglobal.com
bardhulkupa.com
diamondsmoneysecret.com
geduvineqa.com
uqabi.net
Targets
- Target: Listings.exe
- Size: 1.0MB
- MD5: 8e52804cdbda6301ebcc8305e29a7adb
- SHA1: 08a307e9beac8a1d92bf0f48b61e3d4cbf00bae1
- SHA256: 64ec03c92b5fbbb63420e370ff8f879454ddd61c88f3ff41e2f5ce09eabab5f2
- SHA512: 294156442c6bd4a3d782c07070088fcd901b26b4bceac439c5d77d21f5028548b53f5aaf9c7f75eda78e8856a92c6a2e994b4c29965a4597a69ad4b29e18a745
Signatures
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Formbook Payload
- Adds policy Run key to start application
- Adds Run key to start application
- Suspicious use of SetThreadContext