General
Target: nova narudžba.exe
Size: 613KB
Sample: 210421-2t8rz4my3e
MD5: e3d04586f820d0b32ac72b9447890181
SHA1: 8e34dafea4406548b0af762e6ecbd42d156a1b58
SHA256: f5b24f949895b74aa3b6bbb47e215f55f1846bf82bf462db83eff295e72fb5f7
SHA512: aceccdf0246730f9775855f2359f54b11e33d9d1aa8c71053f1894feaf0d0d6491f04bd019ead6173cc2f3d05b34ed4b3f0a9bd536cce2a8260ce8d0df86f475
Static task: static1
Behavioral task: behavioral1
Sample: nova narudžba.exe
Resource: win7v20210408
Malware Config
Extracted
formbook
4.1
http://www.quetech.info/ykl/
Targets
Target: nova narudžba.exe
- Formbook Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext