General
Target: SecuriteInfo.com.W32.Injector.AHL.genEldorado.26044.10817
Size: 256KB
Sample: 210503-dgkezfk1pa
MD5: 209bb97a7d4d13ab2482bd82fd987b50
SHA1: 55065471e78d7d34826e4df38f4538bb2c17a63a
SHA256: ee1e6c57be9de3dde5f374dd49232f23b3667b52fdf770649bbd27a1abceaa16
SHA512: de6bb5d78edf6a89c96d7a3af5ae679ce019ce2e737bdf13b81a0fdf00ddc1145022255d7bcb3b45b07112cf7e14cfabdf7effc7d54fdedc804251aec1e76e73
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.Injector.AHL.genEldorado.26044.10817.msi
Resource: win7v20210410
Malware Config
Extracted: formbook 4.1
Targets
- Formbook Payload
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext