General
Target: Tvoz_f.exe
Size: 610KB
Sample: 210401-dxcyr7mbg2
MD5: 990ac5ec3a883e92ec8272d5545ceb14
SHA1: 4ca88fe6340a20fbdbb84bace746347ae5200059
SHA256: b7b60cdc8b19e55d3977250a9b64c254afd7e78bb1ffd8ec44dca4000b7da52b
SHA512: 3db9be8a8939842b0a3e3d400009fe15a45defbcbcb456e0e2b14391791ea2134bfd85d2eeac3eea6ea95b52241daa737a0b0ecf9e8625f59edf89718e207a77
Static task: static1
Behavioral task: behavioral1 (Sample: Tvoz_f.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: Tvoz_f.exe, Resource: win10v20201028)
Malware Config
Extracted family: formbook
Targets
Target: Tvoz_f.exe, 610KB (MD5, SHA1, SHA256 and SHA512 as listed under General)
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Formbook Payload
- Adds policy Run key to start application
- Adds Run key to start application
- Suspicious use of SetThreadContext