General
Target: 3eaa45b1b77a0f1b92cec746a2923be593a95f5381293533d5a6759c9d03667e
Size: 957KB
Sample: 220508-gykt9ahae8
MD5: b8623660b1b26ec220e2a37a55e6bd2d
SHA1: 0259af6dd86d4fbc6e08664f339c22ee9a21f61b
SHA256: 3eaa45b1b77a0f1b92cec746a2923be593a95f5381293533d5a6759c9d03667e
SHA512: 00ccc39be883518d7a1e49a3b3e03816c25c87add553d78cf8ccc693572a9025c1f14d656c96f998d1461d7e22dd8b605d8eb18338c68feace26e3f4e6be28d8
Static task: static1
Behavioral task: behavioral1
  Sample: 3eaa45b1b77a0f1b92cec746a2923be593a95f5381293533d5a6759c9d03667e.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 3eaa45b1b77a0f1b92cec746a2923be593a95f5381293533d5a6759c9d03667e.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: emh
Targets
Target: 3eaa45b1b77a0f1b92cec746a2923be593a95f5381293533d5a6759c9d03667e (957KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that abuses cloud services to download other malicious families.
- Formbook Payload
- Adds policy Run key to start application
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext