General
Target: 3f84431741cecf17b3a9529c376d23e474c31e8de26bab5da4d688be6c7332cb
Size: 281KB
Sample: 220521-bv78gsffal
MD5: 1f9942930c851bfb2d6de6af17bdbd41
SHA1: 8627146e5f2eb26e3eddbff6c4a120a1b23c577a
SHA256: 3f84431741cecf17b3a9529c376d23e474c31e8de26bab5da4d688be6c7332cb
SHA512: 9ba9e0caa112382ab68f4779b55d200e47e08d1e9b2ddd793f4b5380660549bfd6f27ae1e2eeebb059153cbc771e11e29fba93a79db429267537541411a9c3d3
Static task: static1
Behavioral task: behavioral1
Sample: contract supply list.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
c38r
Targets
Target: contract supply list.exe
Size: 311KB
MD5: 1c8f2480d5bfe4d9bbe8bc432ccc5c97
SHA1: 5ff74ec7bd4d10582ce2c949ade827b1ccb23d21
SHA256: 24f64f0f4a0f7b860db4e664e4f4c76a08f20d3490966de4637958bbecc618ac
SHA512: 158ec88cc3d9ee15c2a96402e58547bd58896be18cc9502c8e204a21e85e3657cd4d07be03fba888911ff4d26e40b882afbc97ab6d04f8f1a67260205126acfe
- Formbook Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext