General
Target: formnet.bin.zip
Size: 716KB
Sample: 210127-bhh7m3435j
MD5: 9c18365005daeb47a7a6eee0bc04036b
SHA1: 1da994ef3c5ba4d3aab64f60fd3343280d357ac9
SHA256: 348a213d357162a468541691850aa671bfe26a3618f2ce07ffe1cbd3c7431f2c
SHA512: 0e39333d9e0d4137524bd0e22fb643ba44610f6571a2d89d6d8754702c8f21eabee6429cf0b2bda88ab59bb36fa2946aa7f4394485865d411ccd1e508f8b1798
Static task: static1
Behavioral task: behavioral1
Sample: formnet.bin.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: formnet.bin.dll
Resource: win10v20201028
Malware Config
Extracted
zloader
kev
26/01
https://gadgetswolf.com/post.php
https://homesoapmolds.com/post.php
https://govemedico.tk/post.php
Targets
Target: formnet.bin
Size: 912KB
MD5: b0f3fa047f6ae39a145fd364f693638e
SHA1: 1951696d8aca4a31614bb68f9da392402785e14e
SHA256: 0bf22b8f9aaef21afe71fcbbea62325e7582dad410b0a537f38a9eb8e6855890
SHA512: 86e4516705380617a9f48b2e1cd7d9e676439398b802eb6047cd478d4b10bf8f4ba20e019f337b01761fa247cd631ccab22851f078089c2e1c61574bca9f5b98
Blocklisted process makes network request
Suspicious use of SetThreadContext