General
Target: RAQ11986.exe
Size: 361KB
Sample: 210226-vtnjgdplcj
MD5: 725cb0465119c2d5cc1412e3d555ad04
SHA1: d6623ecd4f819c1597392fe423d41be071a000e1
SHA256: b32d120bf6320cf1d2d2223ad2a797eb0c20efceb12bd0655642387452ef3b6e
SHA512: 4b9c8d288433d18be705099752bff38020c99b5496ce66e0a2cfeb99195840c9911f9b871620abb6219a873f05c2efb4b11507db6be386ba0639e545e3d53ae6
Static task: static1
Behavioral task: behavioral1
Sample: RAQ11986.exe
Resource: win7v20201028
Malware Config
Extracted: formbook
http://www.wissinkadams.com/iae2/
mainstreetswimschool.com
nhadat9chu.com
guidedcommercialloan.com
quandd.site
smittysfrontlinecarriers.com
hmas-vibrant.com
pakunok.net
jiffihosting.com
shopping-container.com
quartiercreole.net
weebflix.com
gringomexico.com
whathappensnextin6minutes.com
patchealth.com
exclusivelymarissa.com
my-glp.com
trgtbk.com
sagefemmecaluire.com
fetaldiagnosislaboratorios.com
aniversariocom-presente12.com
bharatiyacraft.com
californialp.com
covidvirusbellcurve.com
footecs.com
africabiocity.com
nano-gizmo.com
nanotradefx.com
tessalateconsulting.com
lvlyourlife.com
azhello.com
theobxdirectory.com
wuqingsong.club
indiaonyourown.com
prepa-tests.com
theroyalsoft.com
femalevegan.com
angelises.com
mysqltosnowflake.com
myworldrealtors.com
krispychix.com
kfs.ltd
modifiedbots.com
les-kappes.net
yamlperf.com
52xianju.com
whatsmodish.com
assessoriasanntacfi.com
crazyontheflavor.com
homeownerdefenders.net
highcare.store
maglex.info
listvennica-market.com
discbrakepart.com
hoa142.com
westtexasweddingvideography.com
diplomadoenturismoderomance.com
avshijia9.com
satyam-group.com
corpclubperu.net
lvnwtr.com
italiandreamweddings.com
shiyusupplychain.com
neversprayedfoods.com
truckrev.com
Targets
Target: RAQ11986.exe
Beds Protector Packer: Detects Beds Protector packer used to load .NET malware.
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext