General
-
Target
7f44706f1c5ed5d723262bfa03b5500e.exe
-
Size
724KB
-
Sample
211014-ndcfpsghbr
-
MD5
7f44706f1c5ed5d723262bfa03b5500e
-
SHA1
2c8b87e78b625e5436a559e92ffffaf4d7d5f3f9
-
SHA256
7903434967ec18733812c4bdd4acdff871bfff5ce40528442272cf230822dd10
-
SHA512
ec067ee7a95adbb872fe5f38ada816db747e910401a3fba609c30f394a01262fb34e70e9f8af4be5fb7e6e728bcef327d968f24d2653baca6a067c5101e4d5d8
Static task
static1
Behavioral task
behavioral1
Sample
7f44706f1c5ed5d723262bfa03b5500e.exe
Resource
win7-en-20210920
Malware Config
Extracted
formbook
4.1
hs3h
http://www.alefisrael.com/hs3h/
slairt.com
teresasellsflorida.com
resouthcarolina.com
npccfbf.com
hutshed.com
westatesmarking.com
rustmonkeys.com
kagawa-rentacar.com
easyvoip-system.com
admorinsulation.com
ericaleighjensen.com
zhonghaojiaju.net
apple-iphone.xyz
b0t.info
torgetmc.xyz
lawrencemargarse.com
6123655.com
macdonalds-delivery.com
cvpfl.com
ayudaparaturent.com
toptenanimals.com
zambiadawn.com
muzoe.com
xtrembabes.com
nomadicfoodpods.com
sibernewskaltara.com
thelyfetour.com
sailinn.xyz
cisiworld.com
right-effort.com
emmanuelleramaroson.com
aptgdaycare.com
yanceyhomes.com
minooshargh.com
littlemontars.com
liuhemustam.com
tajaraenterprises.com
myteepathfinder.com
nectarselector.com
digitalbusinesscard.website
kirakira-woman.xyz
tntexpressdelivery.com
collectcuriously.com
marielagarciarealty.com
javierramonmartinezalarcon.com
eis-investment.com
bookanyclick.com
primespotshop.com
heatdistrict.xyz
beadedjoy.com
oyster-gal.com
umateam.com
reservadaspalmeiras-mg.com
thiramirez.info
stanfec.xyz
cowcoupon.com
humaneeventmedia.com
exquisitepdc.com
silverartandcraft.com
plomeroelectricistaquintana.com
encounterniagara.com
ram-nilu.com
standwithcode.com
sphereexit.com
Targets
-
-
Target
7f44706f1c5ed5d723262bfa03b5500e.exe
-
Size
724KB
-
MD5
7f44706f1c5ed5d723262bfa03b5500e
-
SHA1
2c8b87e78b625e5436a559e92ffffaf4d7d5f3f9
-
SHA256
7903434967ec18733812c4bdd4acdff871bfff5ce40528442272cf230822dd10
-
SHA512
ec067ee7a95adbb872fe5f38ada816db747e910401a3fba609c30f394a01262fb34e70e9f8af4be5fb7e6e728bcef327d968f24d2653baca6a067c5101e4d5d8
-
Formbook Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-