General
- Target: SecuriteInfo.com.Gen.Variant.Androm.29.22420.16142
- Size: 252KB
- Sample: 210507-4bgegmyl1e
- MD5: 04d6b8269105608ef9a560927dc3a9fa
- SHA1: 80f9a44457b63b766ce26acfb69676a402c2b838
- SHA256: dd3ecf0b5a39b287ba63687fe12ff1f1fcdde34adf0f3e30f7990ebc158347d8
- SHA512: 5e3b4db37438d9cc3591867ad38d1d7d9c1cb24b13ce2a798a7a1c8627ef64c157241d734067446f3ef4856ca5513db3d61c17ea030bca9361e01fb0fcdb31d2

Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Gen.Variant.Androm.29.22420.16142.msi
- Resource: win7v20210410

Malware Config
Extracted
- Family: formbook
- Version: 4.1
- URL: http://www.111bjs.com/ccr/
- Domains:
  abdullahlodhi.com
  jevya.com
  knoxvillerestaurant.com
  mekarauroko7389.com
  cricketspowder.net
  johannchirinos.com
  orangeorganical.com
  libero-tt.com
  lorenaegianluca.com
  wintab.net
  modernmillievintage.com
  zgdqcyw.com
  jeffabildgaardmd.com
  nurulfikrimakassar.com
  findyourchef.com
  innovationsservicegroup.com
  destek-taleplerimiz.com
  whfqqco.icu
  kosmetikmadeingermany.com
  dieteticos.net
  savarsineklik.com
  newfashiontrends.com
  e-mobilitysolutions.com
  spaced.ltd
  amjadalitrading.com
  thejstutor.com
  zzhqp.com
  exoticomistico.com
  oklahomasundayschool.com
  grwfrog.com
  elementsfitnessamdwellbeing.com
  auldontoyworld.com
  cumhuriyetcidemokratparti.kim
  thetruthinternational.com
  adimadimingilizce.com
  retreatwinds.com
  duoteshop.com
  jasonkokrak.com
  latindancextreme.com
  agavedeals.com
  motz.xyz
  kspecialaroma.com
  yuejinjc.com
  print12580.com
  ampsports.tennis
  affordablebathroomsarizona.com
  casnop.com
  driftwestcoastmarket.com
  bjsjygg.com
  gwpjamshedpur.com
  reserveacalifornia.com
  caobv.com
  culturaenmistacones.com
  back-upstore.com
  jjsmiths.com
  iamxc.com
  siobhankrittiya.com
  digitalakanksha.com
  koatku.com
  shamushalkowich.com
  merplerps.com
  fishexpertise.com
  sweetheartmart.com
  nqs.xyz

Targets
- Target: SecuriteInfo.com.Gen.Variant.Androm.29.22420.16142
- Size: 252KB
- MD5: 04d6b8269105608ef9a560927dc3a9fa
- SHA1: 80f9a44457b63b766ce26acfb69676a402c2b838
- SHA256: dd3ecf0b5a39b287ba63687fe12ff1f1fcdde34adf0f3e30f7990ebc158347d8
- SHA512: 5e3b4db37438d9cc3591867ad38d1d7d9c1cb24b13ce2a798a7a1c8627ef64c157241d734067446f3ef4856ca5513db3d61c17ea030bca9361e01fb0fcdb31d2
- Formbook Payload
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext