General
Target: 05fafaa473d50e4df54ac7f838b816f90fbb1cc1313cd514a275aed45ac1f6c3
Size: 360KB
Sample: 220521-d4l3qaggf9
MD5: 48c264091019a9b86ec135b52ec9deed
SHA1: 34faccd535489cf940fe01f7ef2f307598f60b65
SHA256: 05fafaa473d50e4df54ac7f838b816f90fbb1cc1313cd514a275aed45ac1f6c3
SHA512: 72b0da94938a2f889515a5aad9fba8d4e74d05f0788fcf5fabdc853e2e89adf6a0ddd41fca748a813ef3bc3207b93695bc5f1329d48907c4140cee973881fc45
Static task: static1
Behavioral task: behavioral1
Sample: PO.9758752img.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
duj
deapink.pink
tkmdz.com
nytzshicai.com
photos-identite-dijon.com
ekanun.net
xn--fiqy4bxl57l9sag6f6wb.ink
slivercat5.com
ai-ethics.net
510ns.com
inotherways.com
ridesharesettelment.com
zjxiangnong.com
aoraessentials.com
sheap-list.com
heshengqy.com
experts-comptables-paris-17.com
parissummerolympics2024.info
gtyx88.com
devopsonjob.com
vodacred.com
kandilakes.com
digitalcoincollective.com
seedrazer.com
24houremergencyroomnearme.com
xn--lg3bu5if3f.com
557486.top
czqfkj.com
running0711.com
aimwizard.com
holdingtoken.com
qgyldzw.com
mt1618.com
chiquicreates.com
0pe345.com
shopmomsthebomb.com
cheerzhangover.com
tascoxuanphuong.info
suitablepersonalprotection.com
dh12345.com
pixelfocusphotography.com
tianhegongcheng.com
foodsweet.com
hoamailand.com
btr96.info
eatsmartcookie.com
studebakergs.com
110422.info
infoicobit.com
northeastphillyshuttle.com
lover-road.com
pacificsolo.com
intangiblebitcoin.info
quericus.tech
indianchemicalmart.com
trublueroanokeva.com
apollontimes.news
interiordesignersudbury.com
klarkindustria.com
fraisgr.com
marketersarbitrage.com
adoriagroep.com
hxjfqe.com
stoneandstran.com
genkicoffee.com
spatren.com
Targets
Target: PO.9758752img.exe
Size: 419KB
MD5: 58727beb95ca8e5ec902f266901f3ebe
SHA1: 6322381826a448cc3618ad343ebba8e82d309984
SHA256: 359e02b2d5f52a490ef6811663993437866b52e86e9c9c4e633f30b716d73883
SHA512: 30b9248a37190f486c3507eb517fb9ca2153b2ecb1989ff3e1aebc8c0b63507ca776dc08e4976e94308075a9d848aee4fedf9d2579d2be1ce12f14a0caf14e73
- Formbook Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext