General
- Target: SecuriteInfo.com.Gen.Variant.Androm.29.12612.8788
- Size: 252KB
- Sample: 210507-hqlacnl1ye
- MD5: 2a284fbd7e5e4f010e9322e93a238fde
- SHA1: 1d4621ba747111332fd2f8c9bae67c5c44fc768a
- SHA256: c09b2348606b04620b185f4658474843eef3d9ec99ae70145a481b955d50aebf
- SHA512: 3707c20b942b05e6146f2d4ec20dcd28f73bbb9b5ff279bbc599cd5365c4940aefba2d619dd842b0a4b7a6df16a28536462630f7dbe6a82e4918123eaa40d1d7
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Gen.Variant.Androm.29.12612.8788.msi
- Resource: win7v20210410
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- C2: http://www.craftsman-vail.com/cca/
- Decoy domains:
  whenpigsflyhigh.com
  artistiklounge.com
  tinytrendstique.com
  projektpartner-ag.com
  charvelevh.com
  easycompliances.net
  zengheqiye.com
  professionalmallorca.com
  bonzerstudio.com
  nelivo.com
  yangxeric.com
  aredntech.com
  twincitieshousingmarket.com
  allshadesunscreen.com
  xiang-life.net
  qmcp00011.com
  lindsayeandmarkv.com
  fbcsbvsbvsjbvjs.com
  saveonthrivelife.com
  newdpo.com
  raazjewellers.com
  sangsterdesign.com
  thedatdaiquiris.com
  uljanarattel.com
  daebak.cloud
  hurricanekickgg.com
  mercadilloartisanalfoods.com
  salahdinortho.com
  thisislandonbraverman.com
  siliconesampler.com
  youxiaoke.online
  trucity.net
  mychicpartyboutique.com
  adsvestglobal.com
  lidoshoreslistings.info
  mexicoaprende.online
  4-2ararinost.com
  kevinberginlbi.com
  vaudqa.com
  alignedenergetics.info
  conmielyconhiel.com
  urweddingsite.com
  angelshead.com
  renejewels.com
  sim201.com
  fkdjjkdjkrefefe.com
  thecontentchicks.com
  sarikayalar.net
  herspacephilly.com
  fortwayneduiattorney.com
  vallejocardealers.com
  gmworldservice.com
  mybuddyryde.net
  zeneanyasbyerika.com
  downloadhs.com
  hernonymous.com
  suu6.com
  xuehuasa.ltd
  miacting.com
  thefreedomenvelope.com
  yihuisq.net
  steamshipautjority.com
  lowcarblovefnp.com
  knm.xyz
Targets
- Target: SecuriteInfo.com.Gen.Variant.Androm.29.12612.8788
- Size: 252KB
- MD5: 2a284fbd7e5e4f010e9322e93a238fde
- SHA1: 1d4621ba747111332fd2f8c9bae67c5c44fc768a
- SHA256: c09b2348606b04620b185f4658474843eef3d9ec99ae70145a481b955d50aebf
- SHA512: 3707c20b942b05e6146f2d4ec20dcd28f73bbb9b5ff279bbc599cd5365c4940aefba2d619dd842b0a4b7a6df16a28536462630f7dbe6a82e4918123eaa40d1d7

- Formbook Payload
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext