General
Target: New_PI.exe
Size: 715KB
Sample: 220809-k4z3xafhgj
MD5: 484023caa63a03b4f0483b62ecf09e2a
SHA1: 064718bb184f76e999e4978812c9913973db5ea2
SHA256: aaad3f9720410e623a7081b425f1eb39fa230cfe90b0e5c6991ba17fc9d15cd0
SHA512: fe82ec2f1fb1e7e1a80861c18c60899a591815f6739de40d3fea79b9ca1548239ee524f46d2f600861b2337704aeefcc7fd1cd3d416173743a7e0aae746e581e
Static task: static1
Behavioral task: behavioral1
  Sample: New_PI.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: New_PI.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: e2e7
Targets
Target: New_PI.exe
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Formbook payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Adds Run key to start application
- Suspicious use of SetThreadContext