General
Target: a06d2e1f81c746b5c7751e96ab655602b97a89aa58f089cbc4f3a9fe3690d3fe
Size: 620KB
Sample: 220521-abldyahhg7
MD5: 75183008da23617c64b2db5ec7d7b6b5
SHA1: 9ed3f169c13c4467e96cec0693784d1e961cb03e
SHA256: a06d2e1f81c746b5c7751e96ab655602b97a89aa58f089cbc4f3a9fe3690d3fe
SHA512: 6ae8227999f5f9df43c66a40f4dfffa3ce3761d27003c7c57c4bd7518acfae7d1b1acc4a76c39c222f0a8601ed973e5ea16cfc43145fc426e220a06641697ccb
Static task: static1
Behavioral task: behavioral1
Sample: BL PL.exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook
Version: 4.1
Campaign: wus
Targets
Target: BL PL.exe
Size: 567KB
MD5: 4cc9a0255352e0410c74eeeb1c64ba67
SHA1: a3b5dd3aebf2e427cc7da89aff59575099f106fa
SHA256: 718524efef50f9e043f3db594db14aa1f5e3fba213539b5b219638d089937afe
SHA512: 6f1de62ec8b8c15352feb86a9f2f8839f29740da7ceae50c4ae3fe4951cdfd79131607fbb50aa0f5d64151513ed26d436a8f162ce17368b37f01e747d833ba94
- Formbook Payload
- Looks for VirtualBox Guest Additions in registry
- Adds policy Run key to start application
- Looks for VMWare Tools registry key
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry. Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext