General
-
Target
New _Inquiry P.O4622.vbs
-
Size
77KB
-
Sample
220121-rqp44shgb3
-
MD5
24e935f7534a81a7fd4e32daeab208a5
-
SHA1
251ac05ebc8c963418dccddda127d2a81b5097db
-
SHA256
5e6d8684c3f71ca6a76d22d1ddc536f302738a3027d22a5b1ce1852c9c551d99
-
SHA512
4bd0afc25da140efadb8f49350df7dca32c781a520c85f217d77db6602e51a7731ef955b7d412f5a3edaa0c70cffe47b9b44eda88c3378052d101a1e071f4ede
Static task
static1
Behavioral task
behavioral1
Sample
New _Inquiry P.O4622.vbs
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
New _Inquiry P.O4622.vbs
Resource
win10-en-20211208
Malware Config
Extracted
formbook
4.1
k6sm
mingshengjewelry.com
ontimecleaningenterprise.com
alyssa0.xyz
ptecex.xyz
dukfot.online
pvcpc.com
iowalawtechnology.com
nestletranspotation.com
mysithomes.com
greenlakespaseattle.com
evofishingsystems.com
unilytcs.com
ordemt.com
dentalbatonrouge.com
pictureme360.net
chalinaslacatalana.com
newmirrorimage.xyz
pinklaceandlemonade.com
rapinantes.com
yzicpa.com
josephosman.com
robsarra.com
shumgroup.net
flooringnewhampshire.com
onceadayman.com
audiomacklaunch.xyz
hurryburry.com
golfvid.info
tutortenbobemail.com
tatlitelasorganizasyon.com
tqgtdd.space
classicalruns.com
xx3tgnf.xyz
galwayartanddesign.com
qidu.press
crypto-obmennik.com
dn360rn001.com
tridim.tech
phamhome.com
mediadollskill.com
loveatmetaverse.com
electric4x4parts.com
azulymargarita.com
isadoramel.com
rubyclean.com
officiallydanellewright.com
wu8d349s67op.xyz
detetivepyther.com
wondubniumgy463.xyz
registry-finance3.com
ultracoding.com
open-4business.com
supremelt.online
pangfeng.xyz
morneview.com
northfloridapsychic.com
kg4bppuh.xyz
friv.asia
epsilonhomecare.com
hbina.com
beachhutprinting.com
sophoscloudoptix.net
managemarksol.site
palestyna24.info
usyeslogistics.com
Targets
-
-
Target
New _Inquiry P.O4622.vbs
-
Size
77KB
-
MD5
24e935f7534a81a7fd4e32daeab208a5
-
SHA1
251ac05ebc8c963418dccddda127d2a81b5097db
-
SHA256
5e6d8684c3f71ca6a76d22d1ddc536f302738a3027d22a5b1ce1852c9c551d99
-
SHA512
4bd0afc25da140efadb8f49350df7dca32c781a520c85f217d77db6602e51a7731ef955b7d412f5a3edaa0c70cffe47b9b44eda88c3378052d101a1e071f4ede
-
Formbook Payload
-
Adds policy Run key to start application
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-