General
Target: MTIR22024323_0553381487_20220112120005.vbs
Size: 77KB
Sample: 220113-qrty1saea9
MD5: 564601676bee71f5f61a44ef170d92a6
SHA1: 76fca984dab2358e66524172e04a3528f33d8e18
SHA256: 5e12314df61fd39cad151a41fb0d3188e437c591fa7498f09f103dea4a46f141
SHA512: a9b778cd8bb8684c9f7f7e0b9d79d17c2b0fab326fbfd59f818c7aaa403bf3fc67cf9944b2149b17e742feff9217c2a2ed3f18e15a8be82dbd4b709f5b86fe1d
Static task: static1
Behavioral task: behavioral1 (sample MTIR22024323_0553381487_20220112120005.vbs, resource win7-en-20211208)
Behavioral task: behavioral2 (sample MTIR22024323_0553381487_20220112120005.vbs, resource win10-en-20211208)
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: wk3t
Domains (65 entries; Formbook configs mix decoy domains with the live C2, so treat these as indicators to hunt on, not as confirmed C2):
cherrykidzclub.com
n104w16417dongesbayrd.info
pronetheus.com
tukarbelanjadapatemas.com
commlike.info
securityhackersteam.com
rainbowhitch.com
nursesgrowhealth.com
discontinuanceanywhere.com
comprehensivetitle.site
astrostorytell.store
bighorncountymtjail.com
tetoda.xyz
derivedflame.online
staging-api-projectstanley.com
mcxca.com
thebluefellowsnft.com
arizonakissesco.com
prototypephase.com
aprillemack.com
mrrviaa0.com
reloindiana.com
osscurrency.com
orderlaespigabakery.com
leohillmodeling.com
ybferro.com
laorganicwarehouse.com
coastalrey.com
gavno.online
ienqqv.xyz
ttautoglass.com
jeffreywlewiscarpentry.com
aromav60.online
d4vlkjrx.xyz
agooddomain.com
pse516.info
trustexpressfreight.com
tropiksuncc.com
greenrailfinancialgroup.com
caoyuzhou.tech
calibergaragedoorrepairsinc.com
medxcuz.online
vqjktrqkgikswr.top
danaesoftware.com
onlinemagazineshop.online
exxxclusivenft.com
whatweather.today
smbyee.com
bjitwb.com
mellowsgummies.com
romeovillepowerwashing.com
cheapest-swimmingpool.com
bagspabandung.com
conservational.one
watertalk-kickstarter.com
japanesefood-osaka.com
aml-corp.com
insurancemetafi.com
bjxsjkj.com
teerspmr.com
fmkj888.group
lawoe.net
promotourpackages.com
danielsden.store
jewelrystore1.com
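The practical use of the extracted domain list is hunting in DNS telemetry. The script below is an added example written for this page, not code from the sandbox or from the malware: it takes a trimmed copy of the domains above (use the full list in practice), parses constructed Sysmon Event ID 22-style DNS query records, and reports which process on which host resolved a listed domain. Matching is done on whole labels from the right, so subdomains of a listed domain hit while look-alike names that merely contain a listed domain as a substring do not. The log format and the hostnames, PIDs and image paths in the sample records are constructed for the demo.

```python
"""Match DNS telemetry against the Formbook domain list extracted above.

Added example for this report; not code from the sandbox or the malware.
The domain set is a trimmed copy of the extracted config (use all 65 entries
in practice); the DNS records are constructed for the demo and loosely mirror
Sysmon Event ID 22 (DnsQuery) fields. Formbook configs embed decoy domains
alongside the live C2, so a hit is a lead to pivot on, not proof on its own.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Trimmed copy of the Formbook config domains listed in the report above.
FORMBOOK_DOMAINS = {
    "cherrykidzclub.com",
    "pronetheus.com",
    "securityhackersteam.com",
    "vqjktrqkgikswr.top",
    "whatweather.today",
    "jewelrystore1.com",
}

# Constructed DNS query records (key=value, one per line).
SAMPLE_DNS_LOG = """\
2022-01-13T10:20:01Z host=WS01 pid=1204 image=C:\\Program Files\\Mozilla Firefox\\firefox.exe query=www.mozilla.org
2022-01-13T10:20:05Z host=WS01 pid=2480 image=C:\\Windows\\System32\\wscript.exe query=www.cherrykidzclub.com.
2022-01-13T10:20:06Z host=WS01 pid=2480 image=C:\\Windows\\System32\\wscript.exe query=WhatWeather.Today
2022-01-13T10:21:10Z host=WS02 pid=3316 image=C:\\Windows\\explorer.exe query=vqjktrqkgikswr.top
2022-01-13T10:21:12Z host=WS02 pid=3316 image=C:\\Windows\\explorer.exe query=notcherrykidzclub.com
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) "
    r"image=(?P<image>.+?) query=(?P<query>\S+)$"
)


def normalize_domain(name: str) -> str:
    """Lower-case and strip a trailing dot so 'WhatWeather.Today.' still matches."""
    return name.strip().lower().rstrip(".")


def match_domain(query: str, iocs: set[str]) -> str | None:
    """Return the IOC that `query` equals or is a subdomain of, else None.

    Whole-label suffix matching: 'www.cherrykidzclub.com' hits, while
    'notcherrykidzclub.com' does not (a substring check would flag it).
    """
    labels = normalize_domain(query).split(".")
    for i in range(len(labels) - 1):  # never match on a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def find_hits(log_text: str, iocs: set[str]) -> list[dict]:
    """Parse the log and return one record per query that hits the IOC set."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the hunt
        ioc = match_domain(m["query"], iocs)
        if ioc:
            hits.append({
                "ts": m["ts"],
                "host": m["host"],
                "pid": int(m["pid"]),
                "image": m["image"],
                "query": normalize_domain(m["query"]),
                "matched": ioc,
            })
    return hits


def summarize(hits: list[dict]) -> dict[tuple, list[str]]:
    """Group hits by (host, pid, image) -> sorted list of matched IOCs."""
    grouped: dict[tuple, set[str]] = defaultdict(set)
    for h in hits:
        grouped[(h["host"], h["pid"], h["image"])].add(h["matched"])
    return {k: sorted(v) for k, v in grouped.items()}


if __name__ == "__main__":
    for key, domains in summarize(find_hits(SAMPLE_DNS_LOG, FORMBOOK_DOMAINS)).items():
        print(f"{key[0]} pid={key[1]} {key[2]} -> {', '.join(domains)}")
```

A script host such as wscript.exe resolving several listed domains in quick succession is the pattern worth escalating; a single hit from a browser may be one of the decoys and is better treated as a pivot point than an alert on its own.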
Targets
Target: MTIR22024323_0553381487_20220112120005.vbs
Size: 77KB
MD5: 564601676bee71f5f61a44ef170d92a6
SHA1: 76fca984dab2358e66524172e04a3528f33d8e18
SHA256: 5e12314df61fd39cad151a41fb0d3188e437c591fa7498f09f103dea4a46f141
SHA512: a9b778cd8bb8684c9f7f7e0b9d79d17c2b0fab326fbfd59f818c7aaa403bf3fc67cf9944b2149b17e742feff9217c2a2ed3f18e15a8be82dbd4b709f5b86fe1d
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud file-hosting services to download follow-on malware families.
Formbook Payload
Adds policy Run key to start application
Writes a value under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, a persistence location that checks focused only on the standard Run key tend to miss.
Checks QEMU agent file
Checks for the presence of the QEMU guest agent, possibly to detect virtualization.
Adds Run key to start application
Writes a value under Software\Microsoft\Windows\CurrentVersion\Run.
Suspicious use of NtCreateThreadExHideFromDebugger
Creates a thread with the hide-from-debugger flag so that the debugger receives no events for it.
Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with ThreadHideFromDebugger, which detaches the thread from an attached debugger; a common anti-analysis technique.
Suspicious use of SetThreadContext
Modifies another thread's context, typically to redirect execution into injected code as part of process hollowing.