General
- Target: dd2338c1c8e798e8428bbd62513e3ca5aafb8d238a01e67e32330c7e383f2c1f
- Size: 985KB
- Sample: 210122-fcshl9fhhe
- MD5: 7d89ba5fdb75f333becfd437de73f6d4
- SHA1: 5c7c02592bfae2711c7f82647e426e06a8bc453d
- SHA256: dd2338c1c8e798e8428bbd62513e3ca5aafb8d238a01e67e32330c7e383f2c1f
- SHA512: c613e89d6e5015448e3db9be5162d345a7d01ecd9d86a2385787695d31a2619ea171091aae06ab199450bd22ddfb910a6158e36eaa87821c79c1c01ba8a45404
Static task: static1
Behavioral task: behavioral1
- Sample: dd2338c1c8e798e8428bbd62513e3ca5aafb8d238a01e67e32330c7e383f2c1f.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: dd2338c1c8e798e8428bbd62513e3ca5aafb8d238a01e67e32330c7e383f2c1f.exe
- Resource: win10v20201028
Malware Config
Extracted: formbook
- http://www.unitedfootballcamps.com/bf3/
Targets
- Formbook Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetThreadContext