General
Target: Se adjunta nueva lista de pedidos.zip
Size: 366KB
Sample: 220812-xgcqbagfaj
MD5: 4fed4fdb3354fd91ceebc8e10a543146
SHA1: 929aef6022b33c47b60998508d8b03808228e391
SHA256: 2b0aba9b768f1f4449a65b2e85f0b94dde5c9ca639f3ddb38184eb65b6ed02d5
SHA512: c985a022a3f0697eeb99b34099417b91493da2ce83b4ec910af6b99e457eaf9319c929aaca2d7400a4c3d4bc2023f628a65d628b872d98e41cddb162f07a457d
Static task: static1
Behavioral task: behavioral1
  Sample: Se adjunta nueva lista de pedidos.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: Se adjunta nueva lista de pedidos.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted: formbook
4.1
3nop
slot999.site
hagsahoy.com
howdyart.com
orders-marketplace.com
ranaa.email
masterlink.guru
archershut.com
weikumcommunications.com
dphardmoney.com
shjyutie.com
vivaberlin.net
mycto.today
curvygirlugc.com
otnmp.cfd
alwrists.com
propercandlecompany.com
allindustry-bg.com
theyoungbizacademy.com
expand658170.com
leslainesdumouchon.com
suptisa.com
picnic-in-andong.com
wanligui.com
cesarjunaro.com
kuxita.xyz
simpkecpr.com
microsoftsecuritys.com
responsefactor.com
polyggroup.com
talonxmfg.biz
jam-nins.com
picuar.com
familysafehidingplaces.com
centericehockey.com
appleidd.info
igctsansculottism.sbs
guiaestilosaude.online
happysscribe.com
tizzbizz.com
qcorretor.com
baremaster.online
liputanlima.com
ontherighttrack.systems
zzza002.xyz
k-aashirwaad.com
stillwatersagawork.com
skindoze.com
asdjmhfg.xyz
refaccionariafgnogales.com
hunn.pro
tlland.group
homebizen.com
newszi.xyz
nicetimecafe.net
qdbs.cloud
ebtl.wtf
dchasss.com
kijangjantan.tech
elegant-story.com
glimtmedia.com
1dot.online
neatneighborncclean.com
marionarzel.com
app-arthrex.com
xctech.world
Targets
Target: Se adjunta nueva lista de pedidos.exe
Size: 973KB
MD5: 7537f492eb803061a82014a500939016
SHA1: bfc0e33ee2a24959e54f3af94803356f5514049c
SHA256: e0c0c09b1e4bbdefaa39a956e232193ca2f5d672e0647da4a1cfc5c8b8f909e3
SHA512: 087c828aacd4f1a5192d4d50c81b65cd52cb70f323065cf9f7c0637872a7c6aa7c176999284046b7272231ff474c365212ea8e0a4e9078d58d75a251c43cf164
ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Formbook payload
Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
Adds Run key to start application
Suspicious use of SetThreadContext