General
-
Target
f103740fb52ede21a83869422e975388b8d8465d67cac671b92b4146c57dab20
-
Size
564KB
-
Sample
220521-ntzwyaebc9
-
MD5
036509dc1fd86333d36fffdda5500260
-
SHA1
a3898faec4e318d5ddeaee44a87cb85105d87a12
-
SHA256
f103740fb52ede21a83869422e975388b8d8465d67cac671b92b4146c57dab20
-
SHA512
bfbfd66998d7d24a2af3c72d08185abf96518ccb01b9298196ba8e3cbab8123db8cba81d7372922c4a5c38920c778aaf660040c5e10525cbafcfcb75c931df53
Static task
static1
Behavioral task
behavioral1
Sample
Attached is the new order, mecano group.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Attached is the new order, mecano group.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
formbook
4.1
3nop
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
capricorn1967.com
meucarrapicho.com
41230793.net
yoghurtberry.com
wv0uoagz0yr.biz
yfjbupes.com
mindfulinthemadness.com
deloslifesciences.com
adokristal.com
vandergardetuinmeubelshop.com
janewagtus.com
cloudmorning.com
foresteryt01.com
accident-law-yer.info
divorcerefinance.guru
wenxiban.com
589man.com
rockerdwe.com
duftkerzen.info
igametalent.com
yoursafetraffictoupdates.review
jialingjiangpubu.com
maximscrapbooking.com
20sf.info
shadowlandswitchery.com
pmbnc.info
shoppingdrift.online
potashdragon.com
ubkswmpes.com
064ewj.info
rewsales.com
dealsforyou.tech
ziruixu.com
naehascloud.com
smokvape.faith
sunflowermoonstudio.com
stepgentertainment.com
tawbj.info
besthappybuds.net
koohshoping.com
ajikrentcarsurabaya.com
jkjohnsroofingfl.com
whatsnexttnd.com
yoyodvd.com
joomlas123.info
Targets
-
-
Target
Attached is the new order, mecano group.exe
-
Size
1.1MB
-
MD5
727396a68b9b5cbf700d7b948db6d830
-
SHA1
bd50594103f8554d8e076f0cc3a5a65c95586bee
-
SHA256
ca1d053d41842ab4052e83f395cfef43d3b79f16a5c437fbfcc10fef27c97ca8
-
SHA512
a1a1129d9630a3731daaf22bf67baa655bf8026da116e69d008641e9697dbaab9ac78a6a2c5acdeb733df64c8a343c88ef822adf07ace41cf95fbb64d8c0f3df
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-