General
-
Target
8eefb70833c7794efae60613872f35f64b9dc50d5339c8817dd0a5144c4e0a62
-
Size
969KB
-
Sample
220826-n8gc5sdbe6
-
MD5
e48b2064c5fddc6f307de2aa15ebb1eb
-
SHA1
a4875aa22ababda5630e33960cff0eaf4395bdca
-
SHA256
8eefb70833c7794efae60613872f35f64b9dc50d5339c8817dd0a5144c4e0a62
-
SHA512
936c5a6dac61905ab6100fe3e154c2dc53a86efd2d5ea2954699fb4aebcafe9ea0727c7c08a2433827c6ebbc25861e26d9f5ff5c5d1c8d4d0e481196729d16d8
-
SSDEEP
12288:ei0wFFLy44jTpuNaCT8pT2m+lj6RSul8z7iEzwSK1CHaJFQmNL5OWZdavN2HuEG0:lHWTkNaw8pT2zMS3v9RDeB4Fvzz
Static task
static1
Behavioral task
behavioral1
Sample
8eefb70833c7794efae60613872f35f64b9dc50d5339c8817dd0a5144c4e0a62.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
8eefb70833c7794efae60613872f35f64b9dc50d5339c8817dd0a5144c4e0a62.exe
Resource
win10-20220812-en
Malware Config
Extracted
formbook
4.1
n7ak
wise-transfer.info
jam-nins.com
thebestsocialcrm.com
majomeow222.com
ancientshadowguilt.space
gentleman-china.com
parquemermoz.store
taxuw.com
sharqiyapaints.com
libraryofkath.com
1949wan.com
synqr.net
bitchessgirls.com
btonu.cfd
coding-bootcamps-16314.com
leadership22-tdh.site
maximsboutique.com
irishsummertruffles.com
sdnaqianchuan.com
uyews.xyz
mostvisitors.com
prembug.com
lebondtrip.com
villavouno.com
solanosotostudio.com
pbx1.website
littleeturtle.com
supremeajock.biz
turborings.run
parkpeninsula.online
goodstuff.tv
17qld.com
thehandycrewcompany.com
alwaystuesdaytacos.com
entribeworks.com
susanboyleinfo.com
volkovastyu.com
tradingmoja.com
germancompany-eg.com
gameofgem.com
hbdpcq.com
budsdesigns.com
sistemrizal.xyz
395boulderbrookdr.com
forounlock.com
cp2967.com
creatividadymedia.com
marocquadchallenge.com
tuktukwines.com
tripskorea.com
eyvonnesewingshop.com
1690.biz
perfectkick.website
jreengineering.tech
lilmeow.store
ttjsdispatchingllc.com
carltonellis.com
redantholdings.com
luxuryworkingfarms.com
appsecintelligence.com
studmate.online
imogenbot.store
netheerlandart.com
bikelegalkentucky.com
playdoapp.online
Targets
-
-
Target
8eefb70833c7794efae60613872f35f64b9dc50d5339c8817dd0a5144c4e0a62
-
Size
969KB
-
MD5
e48b2064c5fddc6f307de2aa15ebb1eb
-
SHA1
a4875aa22ababda5630e33960cff0eaf4395bdca
-
SHA256
8eefb70833c7794efae60613872f35f64b9dc50d5339c8817dd0a5144c4e0a62
-
SHA512
936c5a6dac61905ab6100fe3e154c2dc53a86efd2d5ea2954699fb4aebcafe9ea0727c7c08a2433827c6ebbc25861e26d9f5ff5c5d1c8d4d0e481196729d16d8
-
SSDEEP
12288:ei0wFFLy44jTpuNaCT8pT2m+lj6RSul8z7iEzwSK1CHaJFQmNL5OWZdavN2HuEG0:lHWTkNaw8pT2zMS3v9RDeB4Fvzz
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-