General
Target: New Inquiry.gz
Size: 204KB
Sample: 221017-pkwctsbge5
MD5: 5141a713766e6038c2115eaa9feb7f78
SHA1: 5f423d3813890f30a1ec915e6a091efd8ffb4bbb
SHA256: 43963f663331f1fa8342f4e3b7b2112e705ab5094b63bf51a639223321dcc901
SHA512: db9d56a28e8f7f7096fd65f9d9d5f020d59b1c462eb0ff1e7e701204535da83e85ffa7b2a0359976d879b8cf2d3f02731288df8c2a5daf1adba2c8b391fc4f7e
SSDEEP: 6144:/iw770eKlIyKefdOd9P7w7wcSWk5BHX5m5Xd8:D77PKlKjdMwcSDB35m9K

Static task: static1
Behavioral task: behavioral1
Sample: New Inquiry/New inquiry.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: d06c
C2 domains (the sandbox labels the whole list as C2; Formbook configurations are known to mix decoy domains with the live server, so treat every entry as an indicator):
douglasdetoledopiza.com
yxcc.online
primo.llc
mediamomos.com
cosmetiq-pro.com
22labs.tech
turbowashing.com
lindaivell.site
princess-bed.club
groundget.cfd
agretaminiousa.com
lomoni.com
nessesse.us
lexgo.cloud
halilsener.xyz
kirokubo.cloud
corotip.sbs
meghq.net
5y6s.world
weasib.online
threelights.tokyo
brownandbrowniplaw.net
watchomesafe.xyz
ky4468.com
nonhodgkinslymphoma.space
promaster.africa
lightypn.tech
dqhongyan.com
66880.love
ncloud.tech
jdpipes.info
yaman-style.com
ky8257.com
watercoolerbot.com
medyspace.xyz
historicalstones.com
ecobrain.biz
tvebaoxz.com
droveit.net
haoloi.skin
iyzwux.xyz
formula5.online
fourseasonsapparelstore.com
matrix158.com
donkeysforsale.net
foozitive.com
curcumabrasil.online
sest-m5eg.net
abkirtoogooni.club
tinttheory.com
digitalfp.online
mrsestudio.store
report-24.com
protectific.com
deovolenteventures.com
tanizaon.website
workastrology.com
kiwifarms.life
6scout.net
vj238.vip
urbanproject.app
adjqodjqw.top
clubtripsite.com
zoe-dev.click
theconciergepeople.com
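The extracted domain list is the most directly usable part of this report, but a naive substring search over DNS logs will produce false positives (any name ending in one of these strings) and miss subdomains and case or trailing-dot variants. The following is an added example, not code from the sandbox or from the report: a small Python matcher that normalizes queried names, matches on exact domain or parent-domain labels, and summarizes hits per client. The domain list is copied from the config above; the DNS log lines and their three-column format (timestamp, client, qname) are constructed for the example and are not a real product's log format.

```python
"""Match DNS query logs against the Formbook C2 domains extracted above.

Added example, not part of the sandbox report. The log format is a
constructed one: '<timestamp> <client-ip> <queried-name>' per line.
"""
import re

# Copied verbatim from the extracted config in the report (65 domains).
FORMBOOK_C2 = """
douglasdetoledopiza.com yxcc.online primo.llc mediamomos.com cosmetiq-pro.com
22labs.tech turbowashing.com lindaivell.site princess-bed.club groundget.cfd
agretaminiousa.com lomoni.com nessesse.us lexgo.cloud halilsener.xyz
kirokubo.cloud corotip.sbs meghq.net 5y6s.world weasib.online
threelights.tokyo brownandbrowniplaw.net watchomesafe.xyz ky4468.com
nonhodgkinslymphoma.space promaster.africa lightypn.tech dqhongyan.com
66880.love ncloud.tech jdpipes.info yaman-style.com ky8257.com
watercoolerbot.com medyspace.xyz historicalstones.com ecobrain.biz
tvebaoxz.com droveit.net haoloi.skin iyzwux.xyz formula5.online
fourseasonsapparelstore.com matrix158.com donkeysforsale.net foozitive.com
curcumabrasil.online sest-m5eg.net abkirtoogooni.club tinttheory.com
digitalfp.online mrsestudio.store report-24.com protectific.com
deovolenteventures.com tanizaon.website workastrology.com kiwifarms.life
6scout.net vj238.vip urbanproject.app adjqodjqw.top clubtripsite.com
zoe-dev.click theconciergepeople.com
""".split()

# Constructed sample log: one benign query, two direct hits in odd casing /
# with a trailing dot, one near-miss ('notlomoni.com' must NOT match), and
# one subdomain of a listed domain.
SAMPLE_DNS_LOG = """\
2022-10-17T14:02:11Z 10.0.0.23 www.google.com
2022-10-17T14:02:15Z 10.0.0.23 www.yxcc.online
2022-10-17T14:02:15Z 10.0.0.23 MEGHQ.NET.
2022-10-17T14:02:16Z 10.0.0.41 notlomoni.com
2022-10-17T14:02:17Z 10.0.0.23 cdn.report-24.com
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")


def normalize(qname: str) -> str:
    """Lower-case the name and drop the trailing root dot resolvers may log."""
    return qname.strip().rstrip(".").lower()


def matching_indicator(qname: str, indicators=frozenset(FORMBOOK_C2)):
    """Return the indicator that qname equals or is a subdomain of, else None.

    Matching is done label by label (not by substring), so 'notlomoni.com'
    does not match 'lomoni.com' while 'cdn.report-24.com' does match
    'report-24.com'. Single-label candidates (TLDs) are never tried.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def scan_dns_log(text: str):
    """Return (timestamp, client, normalized qname, matched indicator) per hit."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than crash
        ioc = matching_indicator(m["qname"])
        if ioc:
            hits.append((m["ts"], m["client"], normalize(m["qname"]), ioc))
    return hits


def clients_by_hits(hits):
    """Count matches per client IP, the pivot an analyst would triage first."""
    counts = {}
    for _, client, _, _ in hits:
        counts[client] = counts.get(client, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("HIT", *hit)
    print(clients_by_hits(scan_dns_log(SAMPLE_DNS_LOG)))
```

Because Formbook pads the live C2 with decoys, a hit on any one entry is enough to raise an alert on the querying host, but identifying which of the 65 domains the sample actually beaconed to requires the captured traffic rather than the config alone.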
Targets
Target: New Inquiry/New inquiry.exe
Size: 236KB
MD5: dd1a098f5e803e0d80f1d7a7333ca8a5
SHA1: 224bf29996d204c81e825c28b2955a6f2f01973f
SHA256: 48c09aadd19df65dcb19eed8da77377e60aa7e6e5cba53ba0507faa9c550c193
SHA512: d0ef4d2a6dda49b0c513fb76a81f78cba3c67ace14b7254c580b8c41972406bbe3324c0ae7d5bd3e23ee916b8a9080c25b331a80ccf727635da373682627bfc1
SSDEEP: 6144:i6bAcJ3iiPiaIj0sBo+0iBDQp9tHjaq8fRlilqaerDbI6Iu:JjIj0op0i1iHHTn0nkO
Formbook payload
Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
Deletes itself: removes its own executable after running, hindering later collection of the sample from disk.
Loads dropped DLL
Suspicious use of NtCreateThreadExHideFromDebugger: creates a thread with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, so an attached debugger receives no events for that thread.
Suspicious use of NtSetInformationThreadHideFromDebugger: sets ThreadHideFromDebugger on an existing thread, an anti-debugging technique.
Suspicious use of SetThreadContext: rewrites a thread's register context, commonly seen in process hollowing and other injection.
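The signature names above are the sandbox's labels and give no detail on what was matched. As an added example, and not the sandbox's own rule code, the following Python shows how the three anti-debugging and injection signatures could be expressed over an API-call trace: the ThreadHideFromDebugger checks key on the documented Windows constants (THREADINFOCLASS ThreadHideFromDebugger = 0x11, THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4, CREATE_SUSPENDED = 0x4), and the SetThreadContext rule looks for an ordered chain per process. The trace records and their field names are constructed for the example, and the CreateProcess(suspended) / WriteProcessMemory / SetThreadContext / ResumeThread chain is one common process-hollowing sequence assumed here, not something this report states about the sample.

```python
"""Toy sandbox-signature matcher for the anti-debug / injection signatures.

Added example, not the sandbox's rules. Trace records are constructed:
{"pid": int, "api": str, "args": {...}} in call order.
"""

THREAD_HIDE_FROM_DEBUGGER = 0x11              # THREADINFOCLASS value
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4  # NtCreateThreadEx CreateFlags bit
CREATE_SUSPENDED = 0x4                        # CreateProcess dwCreationFlags bit

# Constructed trace: pid 1204 hides threads from the debugger and performs a
# full hollowing chain; pid 2820 only sets ThreadPriority (class 2), benign.
SAMPLE_TRACE = [
    {"pid": 1204, "api": "NtSetInformationThread",
     "args": {"ThreadHandle": "0xfffffffe", "ThreadInformationClass": 0x11}},
    {"pid": 1204, "api": "NtCreateThreadEx",
     "args": {"ProcessHandle": "0xffffffff", "CreateFlags": 0x4}},
    {"pid": 1204, "api": "CreateProcessW",
     "args": {"lpApplicationName": "C:\\Windows\\System32\\svchost.exe",
              "dwCreationFlags": 0x4}},
    {"pid": 1204, "api": "WriteProcessMemory",
     "args": {"hProcess": "0x1c8", "nSize": 45056}},
    {"pid": 1204, "api": "SetThreadContext", "args": {"hThread": "0x1cc"}},
    {"pid": 1204, "api": "ResumeThread", "args": {"hThread": "0x1cc"}},
    {"pid": 2820, "api": "NtSetInformationThread",
     "args": {"ThreadHandle": "0x1d0", "ThreadInformationClass": 0x2}},
]


def hide_from_debugger_calls(trace):
    """Flag both ways of hiding a thread from the debugger, as (pid, label)."""
    hits = []
    for call in trace:
        api, a = call["api"], call["args"]
        if (api == "NtSetInformationThread"
                and a.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            hits.append((call["pid"], "NtSetInformationThreadHideFromDebugger"))
        elif (api == "NtCreateThreadEx"
                and a.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER):
            hits.append((call["pid"], "NtCreateThreadExHideFromDebugger"))
    return hits


# Assumed hollowing chain (ordered subsequence, other calls may interleave).
HOLLOWING_CHAIN = ("CreateProcess(suspended)", "WriteProcessMemory",
                   "SetThreadContext", "ResumeThread")


def _step_name(call):
    """Map a trace record to a chain step, or None if it is not one."""
    api, a = call["api"], call["args"]
    if api.startswith("CreateProcess") and a.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
        return "CreateProcess(suspended)"
    if api in ("WriteProcessMemory", "SetThreadContext", "ResumeThread"):
        return api
    return None


def set_thread_context_injection(trace):
    """Return pids in which the full chain was observed in order."""
    progress, flagged = {}, []
    for call in trace:
        step = _step_name(call)
        if step is None:
            continue
        pid = call["pid"]
        idx = progress.get(pid, 0)
        if step == HOLLOWING_CHAIN[idx]:
            idx += 1
            if idx == len(HOLLOWING_CHAIN):
                flagged.append(pid)
                idx = 0  # reset so a second injection is counted again
            progress[pid] = idx
    return flagged


def run_signatures(trace):
    """Aggregate signature labels per pid, like a sandbox report would."""
    report = {}
    for pid, label in hide_from_debugger_calls(trace):
        report.setdefault(pid, set()).add(label)
    for pid in set_thread_context_injection(trace):
        report.setdefault(pid, set()).add("SetThreadContext injection chain")
    return report


if __name__ == "__main__":
    for pid, labels in sorted(run_signatures(SAMPLE_TRACE).items()):
        print(pid, sorted(labels))
```

The value of the chain rule over a bare "SetThreadContext was called" check is precision: debuggers and some legitimate runtimes call SetThreadContext too, but rarely on a freshly created suspended process whose memory they have just overwritten.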