General
-
Target
Booking Declined.scr
-
Size
1.1MB
-
Sample
210505-jys3cd7cz2
-
MD5
72014c837d630e0eb8b79d0995166d47
-
SHA1
57ea4b26a34c0779ae9767cc957452883475cadc
-
SHA256
2deb22be02f4464416048e124a39c1a8df4f29ba90d783d27bfcefa29ddce161
-
SHA512
c74de6fc4b35c52b25062ca5d82f93e93f5978eebacac89fc6e473d6c52141b0737fccbd7810820a5c31ad08ad7288b86f6784b7e9ced821bab13d4a2c8b4c69
Static task
static1
Behavioral task
behavioral1
Sample
Booking Declined.scr
Resource
win7v20210410
Malware Config
Extracted
formbook
4.1
http://www.evolvekitchendesign.com/ffw/
unmutedgenerations.com
localmoversuae.com
centralrea.com
geyyfphzoe.com
silverpackfactory.com
techtronixx.com
shop-deinen-deal.com
buehne.cloud
inspirefreedomtoday.com
chapelcouture.com
easton-taiwan.com
quanaonudep.store
merzigomusic.com
wpzoomin.com
service-lkytrsahdfpedf.com
yeasuc.com
mydogtrainingservice.com
galeribisnisonline.com
cscremodeling.com
bom-zzxx.com
ensobet88.com
vegancto.com
digivisiol.com
advancetools.net
gzqyjd.com
xtgnsl.com
ftfortmyers.com
g-siqueira.com
ufdzbhrxk.icu
tiekotiin.com
youschrutedit.com
takahatadenkikouji.com
goodfastco.com
jtelitetraining.com
planet-hype.com
gigwindow.com
levelxpr.com
besttechmobcomm.info
funneldesigngenie.com
mylisting.cloud
alltwoyou.com
mortgagesandprotection.online
monthlydigest.info
senlangdq.com
postphenomenon.com
slymwhite.com
masonpreschool.com
wahooshop.com
meridiangummies.com
samsungpartsdept.com
saludbellezaybienestar.net
vickifoxproductions.com
shawandwesson.info
nutrepele.com
gorillatanks.com
praktijkinfinity.online
lanteredam.com
refinedmanagement.com
tiwapay.com
fruitsinbeers.com
charliekay.net
realironart.com
sonsofmari.com
kedingtonni.com
Targets
-
-
Target
Booking Declined.scr
-
Size
1.1MB
-
MD5
72014c837d630e0eb8b79d0995166d47
-
SHA1
57ea4b26a34c0779ae9767cc957452883475cadc
-
SHA256
2deb22be02f4464416048e124a39c1a8df4f29ba90d783d27bfcefa29ddce161
-
SHA512
c74de6fc4b35c52b25062ca5d82f93e93f5978eebacac89fc6e473d6c52141b0737fccbd7810820a5c31ad08ad7288b86f6784b7e9ced821bab13d4a2c8b4c69
-
Formbook Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-