General
-
Target
e87b10b098df8ff5906cb1154c78e83d.exe
-
Size
596KB
-
Sample
211027-pp2qeaegb3
-
MD5
e87b10b098df8ff5906cb1154c78e83d
-
SHA1
26417afefaabd707dae65d9fdd84178f4fb5e112
-
SHA256
4e25735dc713c78458f181caa0f09a6ea2ca79a708a3b22f52d1c936806de251
-
SHA512
87a959392f490e84346daffbbb3807a168b9c1ff4a4bdbf4b7e2e9db813377e1c9eb1a4be3b4cb7bd8eb011553d3367e818068d8af18c2e219543af7ca489e88
Static task
static1
Behavioral task
behavioral1
Sample
e87b10b098df8ff5906cb1154c78e83d.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
hs3h
http://www.alefisrael.com/hs3h/
slairt.com
teresasellsflorida.com
resouthcarolina.com
npccfbf.com
hutshed.com
westatesmarking.com
rustmonkeys.com
kagawa-rentacar.com
easyvoip-system.com
admorinsulation.com
ericaleighjensen.com
zhonghaojiaju.net
apple-iphone.xyz
b0t.info
torgetmc.xyz
lawrencemargarse.com
6123655.com
macdonalds-delivery.com
cvpfl.com
ayudaparaturent.com
toptenanimals.com
zambiadawn.com
muzoe.com
xtrembabes.com
nomadicfoodpods.com
sibernewskaltara.com
thelyfetour.com
sailinn.xyz
cisiworld.com
right-effort.com
emmanuelleramaroson.com
aptgdaycare.com
yanceyhomes.com
minooshargh.com
littlemontars.com
liuhemustam.com
tajaraenterprises.com
myteepathfinder.com
nectarselector.com
digitalbusinesscard.website
kirakira-woman.xyz
tntexpressdelivery.com
collectcuriously.com
marielagarciarealty.com
javierramonmartinezalarcon.com
eis-investment.com
bookanyclick.com
primespotshop.com
heatdistrict.xyz
beadedjoy.com
oyster-gal.com
umateam.com
reservadaspalmeiras-mg.com
thiramirez.info
stanfec.xyz
cowcoupon.com
humaneeventmedia.com
exquisitepdc.com
silverartandcraft.com
plomeroelectricistaquintana.com
encounterniagara.com
ram-nilu.com
standwithcode.com
sphereexit.com
Targets
-
-
Target
e87b10b098df8ff5906cb1154c78e83d.exe
-
Size
596KB
-
MD5
e87b10b098df8ff5906cb1154c78e83d
-
SHA1
26417afefaabd707dae65d9fdd84178f4fb5e112
-
SHA256
4e25735dc713c78458f181caa0f09a6ea2ca79a708a3b22f52d1c936806de251
-
SHA512
87a959392f490e84346daffbbb3807a168b9c1ff4a4bdbf4b7e2e9db813377e1c9eb1a4be3b4cb7bd8eb011553d3367e818068d8af18c2e219543af7ca489e88
-
Formbook Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-