General

Target: 5be556a2-14fa-4f52-8395-f6a8bd57c523.zip.unsafe
Size: 187KB
Sample: 221216-tdcpcshg7w
MD5: a82c49e5a5ef7820a600d18ee112e2b0
SHA1: 0b55c5a2cc58cc813c6f208309f9f8f3a7c1d0ac
SHA256: 52900803e3f58b611e5f7160be064d84a08e4ac78b03440647f618732a55bf56
SHA512: 52259e83d2d5d3fc4d42f6f9584c26544298305b2c4e04e3a421c4c591f295a8d8b7ede6d2d2361b1fb0acdfee1a409c357f98515cc9fa12228ff3c27b55b8f7
SSDEEP: 3072:/O32ACmYZurqlP9216UVWUW6wFmx0mbl4FazRzs8KNpBoZnK/fmjVE2if0k2d+2Q:M2ATmurQK6Uw67BRslB4naFMk2doL
Static task: static1
Behavioral task: behavioral1
  Sample: pl2.exe
  Resource: win7-20220901-en
Malware Config

Extracted
Family: formbook
Version: 4.1
Campaign ID: d06c
C2 domains (65 entries; a Formbook config carries the live C2 alongside decoy domains, so treat a single lookup of any one of them as a lead to corroborate with the other signatures rather than as proof on its own):
douglasdetoledopiza.com
yxcc.online
primo.llc
mediamomos.com
cosmetiq-pro.com
22labs.tech
turbowashing.com
lindaivell.site
princess-bed.club
groundget.cfd
agretaminiousa.com
lomoni.com
nessesse.us
lexgo.cloud
halilsener.xyz
kirokubo.cloud
corotip.sbs
meghq.net
5y6s.world
weasib.online
threelights.tokyo
brownandbrowniplaw.net
watchomesafe.xyz
ky4468.com
nonhodgkinslymphoma.space
promaster.africa
lightypn.tech
dqhongyan.com
66880.love
ncloud.tech
jdpipes.info
yaman-style.com
ky8257.com
watercoolerbot.com
medyspace.xyz
historicalstones.com
ecobrain.biz
tvebaoxz.com
droveit.net
haoloi.skin
iyzwux.xyz
formula5.online
fourseasonsapparelstore.com
matrix158.com
donkeysforsale.net
foozitive.com
curcumabrasil.online
sest-m5eg.net
abkirtoogooni.club
tinttheory.com
digitalfp.online
mrsestudio.store
report-24.com
protectific.com
deovolenteventures.com
tanizaon.website
workastrology.com
kiwifarms.life
6scout.net
vj238.vip
urbanproject.app
adjqodjqw.top
clubtripsite.com
zoe-dev.click
theconciergepeople.com
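The list above is most useful once it is turned into something that runs over telemetry. The script below, an editor-added example that is not part of the sandbox report, copies the 65 config domains, matches DNS query logs against them (exact or subdomain match, which a substring test gets wrong), ranks source hosts by how many config domains they touched, and emits one Suricata DNS rule per domain. The Zeek-style dns.log lines and the 10.0.0.0/8 hosts are constructed for illustration, and the rule syntax (dns.query with the dotprefix and endswith keywords) assumes Suricata 5 or later.

```python
"""Hunt DNS logs for the Formbook d06c config domains and emit Suricata rules.

Editor-added example; not part of the sandbox report. Domain list copied from
the extracted config above. Log lines, hosts and SIDs are constructed.
"""
from __future__ import annotations

# All 65 domains from the extracted Formbook 4.1 config (campaign id d06c).
# Formbook mixes one live C2 with decoy domains, so a lone lookup of one of
# these is weak evidence; several from the same host is much stronger.
FORMBOOK_DOMAINS = """
douglasdetoledopiza.com yxcc.online primo.llc mediamomos.com cosmetiq-pro.com
22labs.tech turbowashing.com lindaivell.site princess-bed.club groundget.cfd
agretaminiousa.com lomoni.com nessesse.us lexgo.cloud halilsener.xyz
kirokubo.cloud corotip.sbs meghq.net 5y6s.world weasib.online
threelights.tokyo brownandbrowniplaw.net watchomesafe.xyz ky4468.com
nonhodgkinslymphoma.space promaster.africa lightypn.tech dqhongyan.com
66880.love ncloud.tech jdpipes.info yaman-style.com ky8257.com
watercoolerbot.com medyspace.xyz historicalstones.com ecobrain.biz
tvebaoxz.com droveit.net haoloi.skin iyzwux.xyz formula5.online
fourseasonsapparelstore.com matrix158.com donkeysforsale.net foozitive.com
curcumabrasil.online sest-m5eg.net abkirtoogooni.club tinttheory.com
digitalfp.online mrsestudio.store report-24.com protectific.com
deovolenteventures.com tanizaon.website workastrology.com kiwifarms.life
6scout.net vj238.vip urbanproject.app adjqodjqw.top clubtripsite.com
zoe-dev.click theconciergepeople.com
""".split()

# Constructed Zeek-style dns.log excerpt (tab-separated: ts, id.orig_h, query).
SAMPLE_DNS_LOG = """\
1671180001.123\t10.0.0.17\twww.lomoni.com
1671180002.456\t10.0.0.17\tnotlomoni.com
1671180003.789\t10.0.0.23\tcdn.threelights.tokyo.
1671180004.001\t10.0.0.23\tupdate.microsoft.com
1671180005.002\t10.0.0.17\tKY8257.COM
"""


def normalize(name: str) -> str:
    """Lower-case and drop a trailing dot so 'KY8257.COM.' matches 'ky8257.com'."""
    return name.strip().lower().rstrip(".")


def match_domain(query: str, watchlist: frozenset[str]) -> str | None:
    """Return the watchlisted domain that `query` equals or is a subdomain of.

    Walks parent labels so 'cdn.www.lomoni.com' matches 'lomoni.com' while
    'notlomoni.com' does not. Never tests a bare TLD.
    """
    labels = normalize(query).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def scan_dns_log(log_text: str, watchlist=FORMBOOK_DOMAINS) -> list[tuple[str, str, str, str]]:
    """Return (ts, src, query, matched_domain) for each query that hits the watchlist."""
    wl = frozenset(normalize(d) for d in watchlist)
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):  # skip Zeek header and blank lines
            continue
        ts, src, query = line.split("\t")[:3]
        hit = match_domain(query, wl)
        if hit is not None:
            hits.append((ts, src, query, hit))
    return hits


def hits_per_host(hits) -> dict[str, int]:
    """Count hits per source host; hosts touching several config domains go first."""
    counts: dict[str, int] = {}
    for _, src, _, _ in hits:
        counts[src] = counts.get(src, 0) + 1
    return counts


def suricata_dns_rules(watchlist=FORMBOOK_DOMAINS, sid_start=9000001) -> list[str]:
    """One DNS-query alert per domain; dotprefix + endswith also catch subdomains."""
    domains = sorted({normalize(d) for d in watchlist})
    return [
        f'alert dns any any -> any any (msg:"Formbook d06c config domain {d}"; '
        f'dns.query; dotprefix; content:".{d}"; endswith; nocase; sid:{sid}; rev:1;)'
        for sid, d in enumerate(domains, start=sid_start)
    ]


if __name__ == "__main__":
    hits = scan_dns_log(SAMPLE_DNS_LOG)
    for hit in hits:
        print("HIT", *hit)
    print(hits_per_host(hits))
    print(suricata_dns_rules()[0])
```

On the constructed log the scan flags three queries from two hosts and leaves the look-alike notlomoni.com alone; in production, feed it the real dns.log and triage the hosts with the most distinct config domains first, since the decoys mean any single hit may be a coincidence.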
Targets

Target: pl2.bin
Size: 266KB
MD5: f919de1034edc7b8a4a5a8aa8f0067dd
SHA1: ce50421738d5fb3108fe147dfdea5733fb01e19e
SHA256: 81ce31f6f3cd9a6a6037c411a1485bee35eaa93965fc6ccc2bd857c991fcad90
SHA512: 946fafde24bf34a659d8df5bcd0db2ff3791b92c0fd36d96a9273436bbc75244cfb26cc9bf00d86370fc92d13d3e791905bc8f8fe97eb74e1ea3b556cd649b70
SSDEEP: 6144:MtXZXPanzcQUuLgsNG0BPspB4nAFmklJB:Mtsz5DLgsp5ngDlj
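Before relying on anything in this report, confirm that the copy of the sample on your desk is the one described here: the General section hashes the outer zip and the Targets section hashes the inner pl2.bin. The script below is an editor-added example, not part of the sandbox report. It checks a file, or every member of the (possibly password-protected) zip it ships in, against the report's MD5/SHA1/SHA256/SHA512 values; the in-memory zip and payload it builds are constructed stand-ins so it runs offline, and the expected digests for those are computed on the spot rather than taken from the report. ssdeep is omitted because it needs a module outside the standard library.

```python
"""Check a local copy of the sample against the hashes in this report.

Editor-added example, not part of the sandbox report. REPORT_HASHES is copied
from the General and Targets sections above; the zip built by build_demo_zip()
and DEMO_PAYLOAD are constructed stand-ins, not the real sample.
"""
from __future__ import annotations

import hashlib
import io
import zipfile

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Hashes copied from the report, keyed by the target name the report uses.
REPORT_HASHES = {
    "5be556a2-14fa-4f52-8395-f6a8bd57c523.zip.unsafe": {
        "md5": "a82c49e5a5ef7820a600d18ee112e2b0",
        "sha1": "0b55c5a2cc58cc813c6f208309f9f8f3a7c1d0ac",
        "sha256": "52900803e3f58b611e5f7160be064d84a08e4ac78b03440647f618732a55bf56",
        "sha512": "52259e83d2d5d3fc4d42f6f9584c26544298305b2c4e04e3a421c4c591f295a8d8b7ede6d2d2361b1fb0acdfee1a409c357f98515cc9fa12228ff3c27b55b8f7",
    },
    "pl2.bin": {
        "md5": "f919de1034edc7b8a4a5a8aa8f0067dd",
        "sha1": "ce50421738d5fb3108fe147dfdea5733fb01e19e",
        "sha256": "81ce31f6f3cd9a6a6037c411a1485bee35eaa93965fc6ccc2bd857c991fcad90",
        "sha512": "946fafde24bf34a659d8df5bcd0db2ff3791b92c0fd36d96a9273436bbc75244cfb26cc9bf00d86370fc92d13d3e791905bc8f8fe97eb74e1ea3b556cd649b70",
    },
}


def hash_stream(fobj, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Hash a file-like object with every algorithm in ALGOS in a single pass."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    for block in iter(lambda: fobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def hash_bytes(data: bytes) -> dict[str, str]:
    """Convenience wrapper for in-memory data."""
    return hash_stream(io.BytesIO(data))


def hash_zip_members(zip_bytes: bytes, pwd: bytes | None = None) -> dict[str, dict[str, str]]:
    """Hash every file inside a zip container without extracting anything to disk.

    Sandbox samples usually ship zipped and often password-protected; pass the
    archive password as `pwd` (bytes) when needed.
    """
    out: dict[str, dict[str, str]] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info, pwd=pwd) as member:
                out[info.filename] = hash_stream(member)
    return out


def mismatches(actual: dict[str, str], expected: dict[str, str]) -> list[str]:
    """List the algorithms whose digests differ; an empty list means the copy matches."""
    return [f"{a}: got {actual[a]}, expected {expected[a]}" for a in ALGOS if actual[a] != expected[a]]


# Constructed stand-in payload; deliberately NOT the real pl2.bin.
DEMO_PAYLOAD = b"MZ constructed stand-in, not the real pl2.bin"


def build_demo_zip() -> bytes:
    """Build an in-memory zip holding one member named like the report's target."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("pl2.bin", DEMO_PAYLOAD)
    return buf.getvalue()


if __name__ == "__main__":
    # With a real copy: hash_zip_members(open(path, "rb").read(), pwd=b"infected")
    for name, digests in hash_zip_members(build_demo_zip()).items():
        bad = mismatches(digests, REPORT_HASHES[name])
        print(name, "matches the report" if not bad else "DIFFERS:\n  " + "\n  ".join(bad))
```

Run against the constructed zip it reports that pl2.bin differs on all four algorithms, which is the expected outcome for a stand-in; against a genuine copy of the sample all four should match, and a match on MD5 alone is not enough given how cheap MD5 collisions are.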
Signatures

- Formbook payload
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger
  Creates a thread with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, so an attached debugger receives no events from that thread (anti-debugging).
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class on an existing thread; same effect as the previous item.
- Suspicious use of SetThreadContext
  Rewrites a thread's register context, the step that process hollowing and similar injection techniques use to redirect a suspended thread into injected code.