General
Target: f0520738f5b3e513d729ec8034c934ab84b803b5fb8c06cf328f279b42e89fa0
Size: 582KB
Sample: 220829-f2tqwsdea9
MD5: 4347c70ca7302f107a165d6fd272b0e6
SHA1: 1aa318f816e82fa3a047d61e4f79dd1b1765e89d
SHA256: f0520738f5b3e513d729ec8034c934ab84b803b5fb8c06cf328f279b42e89fa0
SHA512: 071bd1762a28d3a182c588fff09754c9f0bc23fb4cc7d4b8b5b378380161d835d6990ae03281d544a3aab87ed8ed201e4cb88a720275a8fe1427b34b49e6d854
SSDEEP: 12288:EE+7B92iNmUaevf9nf5fsuqy1ngZ6NfHJld0XTmT:5qz1xvjfdqyPP6X6T
Static task: static1
Behavioral task: behavioral1
Sample: f0520738f5b3e513d729ec8034c934ab84b803b5fb8c06cf328f279b42e89fa0.exe
Resource: win7-20220812-en

Malware Config
Extracted: formbook
Version: 4.1
de08
Domains:
retirecloudyyard.com
fabiyan.xyz
chrisarlyde.com
selapex.com
vivalosgales.com
specialty-medicine.com
contasesolucoes.com
satunusanews.net
allyibc.com
alameda1876.com
artofdala.com
yukoidusp.xyz
steeldrumbandnearme.com
stonewedgetechnology.com
kentonai.com
macquarie-private.com
ddgwy.com
megagreenhousekits.com
descomplicaomarketing.com
inclusiverealtor.com
themummyfront.club
computerfashiondesigns.com
ericparlatore.com
whathappened2me.com
baksomail.xyz
mugupplatform.com
shopsolutely.com
gymcservices.com
qianshunchina.com
zoomsbshab.icu
esrmtech.com
966211.com
stockinsidepr.com
df-wh.com
smartshopapps.com
kayseriadsl.com
acedesserts.com
205qs.com
ei8i.com
aibtly.com
kpviewllc.net
nnehandebol.com
torontonianapparel.ca
therealgoldenganjagang.com
mingxiang99.com
rewkagcompany.xyz
ahmee4.com
valen.info
vacuumfun.parts
fabiyan.xyz
psncareersolutions.com
escobargroups.com
michigandice.com
ey3solutions.com
li-n.info
puingkehancuran.xyz
bilt-green.com
dfysuitetech.xyz
abdoomar.com
actsaka.xyz
justsweatitout.com
axabank.life
billyyaka.com
mypatchtools.com
epulsive.com

Targets
Target: f0520738f5b3e513d729ec8034c934ab84b803b5fb8c06cf328f279b42e89fa0
Size: 582KB
MD5: 4347c70ca7302f107a165d6fd272b0e6
SHA1: 1aa318f816e82fa3a047d61e4f79dd1b1765e89d
SHA256: f0520738f5b3e513d729ec8034c934ab84b803b5fb8c06cf328f279b42e89fa0
SHA512: 071bd1762a28d3a182c588fff09754c9f0bc23fb4cc7d4b8b5b378380161d835d6990ae03281d544a3aab87ed8ed201e4cb88a720275a8fe1427b34b49e6d854
SSDEEP: 12288:EE+7B92iNmUaevf9nf5fsuqy1ngZ6NfHJld0XTmT:5qz1xvjfdqyPP6X6T

Signatures
- Formbook payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext