General

Target: LIST.exe
Size: 449KB
Sample: 230209-r2hjeaga4t
MD5: d74fd6ed07181f2d8c67708af84a0342
SHA1: 8a564e7c684069e6ab5f72faa1a7fc5e25985cd9
SHA256: 8214fef9e3cba373f5c92b48fe8535760e67cad89abdf07a7d60f69b2c37a018
SHA512: be1377559ed86fd9bdd82a754b2b1b33bdb4acf5216f142ebdb950180ed5041f41b2ebd1b0746d30dc6014220ecf2ec9c73294e3e86a17028efaeb4830167f02
SSDEEP: 6144:qp0+DpuPJFjJYILWt3NwuLk5TvTobml6n6HOxLNoQyhocxiDLW9M:qwFjJnKlNwuArobmljULUXxiDLiM

Static task: static1
Behavioral task: behavioral1
  Sample: LIST.exe
  Resource: win7-20220812-en
Malware Config

Extracted
Family: formbook
Version: 4.1
Campaign ID: gr05
Domains (C2 and decoys; Formbook carries a list of decoy hosts alongside its live C2 and contacts them together, so every entry is an indicator worth matching):
companysyuanarea.com
brightssidefinancial.com
macrotek.co.uk
k8stestsite.com
arabaticareti.com
ixsmir2imi.net
harmoniouspsicologia.com
feelingfitandfabulous.co.uk
chaudharyramkumar.com
centerstage280.com
barbarianhealth.com
conviveum.com
cookitproductions.com
chooseyupei.com
gofraud-netusa.com
nppaf.africa
fouchpur.com
celticjewelryireland.com
gfaxtp.xyz
kupinaklik.net
margriela.africa
lpdstaging21.dev
apartamentoindarajerez.com
imtoke-d.space
herry-logistics.com
customjvupdate.live
03758.uk
innohabi.com
arabicbonus.com
bzmc3ldeyz.net
beikefk.com
ghostwriters-schweiz.com
ashfulartz.com
apexlabs.info
kickupacademy.co.uk
colosseumcoinbsc.live
jioswadesh.net
calculator-osago-online.ru
downfornothing.com
horatiusenterprise.africa
liverpoolcomputerrepair.co.uk
alarm-system-55204.com
warior88.net
historicaltraditions.com
carolynbseagraves.xyz
lecrua.com
aestics.ru
penroselife.com
codelinchpin.com
copalconsults.com
appletvgame.com
eventplannerabuja.africa
accountspay.net
jpdentistry.co.uk
colestransportaion.com
malibucountrymanor.com
happiestminds-udemy.com
msoftsolutions.net
boqglb.com
homedecoridea.online
fisioupcenter.com
lifeanswerbook.com
carbon2cobaltt.com
problemsolvedjunk.net
halesense.com
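The extracted config is only useful once it is turned into something a detection pipeline can match. The script below is an added example, not part of the sandbox report: it parses a pasted config block into a domain list and runs the indicators over proxy-log lines. It relies on one fact about the family (Formbook's check-in URL uses the campaign string as the first path segment, i.e. http://<host>/<campaign>/) and on several assumptions that are not from the report: the tab-separated log format (timestamp, source IP, host, URI) is invented, the log lines are constructed, and only a subset of the 65 domains is embedded to keep the block short.

```python
"""Formbook config -> network indicators -> proxy-log scan.

Added example; not the sandbox's code. The log format and log lines below are
constructed for this example. Only a handful of the report's domains are
embedded; pass the full list (or the pasted config block) in practice.
"""
import re
from urllib.parse import urlsplit

# Values copied from the report's Malware Config section (domains: subset).
FORMBOOK_CONFIG = {
    "family": "formbook",
    "version": "4.1",
    "campaign": "gr05",
    "domains": [
        "companysyuanarea.com",
        "brightssidefinancial.com",
        "macrotek.co.uk",
        "k8stestsite.com",
        "halesense.com",
    ],
}

# A bare host name: labels of [a-z0-9-], final label alphabetic so that the
# version string "4.1" in the same block is not mistaken for a domain.
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$")


def parse_config_domains(text):
    """Pull domain names out of a pasted 'Malware Config' block, one per line.

    Pass only the config block: file names such as LIST.exe would also match.
    """
    return [t for t in (line.strip().lower() for line in text.splitlines())
            if DOMAIN_RE.match(t)]


def host_matches(host, domains):
    """Return the configured domain that host equals or is a subdomain of."""
    host = host.lower().rstrip(".")
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


def classify(host, uri, config):
    """Verdict for one request, or None if the host is not in the config."""
    hit = host_matches(host, config["domains"])
    if hit is None:
        return None
    first_segment = urlsplit(uri).path.strip("/").split("/")[0]
    # A request to /<campaign>/ on a listed host is the check-in itself; any
    # other request to a listed host still matters because the list mixes
    # decoys with the live C2.
    if first_segment == config["campaign"]:
        return ("formbook_c2_checkin", hit)
    return ("formbook_listed_host", hit)


def scan_proxy_log(lines, config):
    """Evaluate every log line; return one alert dict per matching request."""
    alerts = []
    for line in lines:
        ts, src, host, uri = line.rstrip("\n").split("\t")
        verdict = classify(host, uri, config)
        if verdict is not None:
            alerts.append({"ts": ts, "src": src, "host": host, "uri": uri,
                           "rule": verdict[0], "indicator": verdict[1]})
    return alerts


# Constructed proxy log: one benign request, two check-ins (one via a www
# subdomain), one plain contact with a listed host, one near-miss host name.
SAMPLE_LOG = [
    "2023-02-09T14:03:11Z\t10.20.4.17\twww.example.org\t/index.html",
    "2023-02-09T14:03:12Z\t10.20.4.17\tcompanysyuanarea.com\t/gr05/?Lbf0=abc",
    "2023-02-09T14:03:12Z\t10.20.4.17\twww.k8stestsite.com\t/gr05/",
    "2023-02-09T14:03:13Z\t10.20.4.17\tmacrotek.co.uk\t/",
    "2023-02-09T14:03:14Z\t10.20.4.17\tnotk8stestsite.com\t/gr05/",
]

if __name__ == "__main__":
    for alert in scan_proxy_log(SAMPLE_LOG, FORMBOOK_CONFIG):
        print(alert)
```

Matching on the registered domain plus any subdomain, rather than on the exact host, is deliberate: the config lists bare domains while the sample's traffic may carry a www prefix, and a simple substring match would also fire on unrelated hosts that merely end in the same characters, as the notk8stestsite.com line shows.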
Targets

Target: LIST.exe
Size: 449KB
MD5: d74fd6ed07181f2d8c67708af84a0342
SHA1: 8a564e7c684069e6ab5f72faa1a7fc5e25985cd9
SHA256: 8214fef9e3cba373f5c92b48fe8535760e67cad89abdf07a7d60f69b2c37a018
SHA512: be1377559ed86fd9bdd82a754b2b1b33bdb4acf5216f142ebdb950180ed5041f41b2ebd1b0746d30dc6014220ecf2ec9c73294e3e86a17028efaeb4830167f02
SSDEEP: 6144:qp0+DpuPJFjJYILWt3NwuLk5TvTobml6n6HOxLNoQyhocxiDLW9M:qwFjJnKlNwuArobmljULUXxiDLiM

Signatures:
- Formbook payload
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger: creates a thread with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag, so an attached debugger receives no events for that thread.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger information class, which detaches an existing thread from the debugger in the same way.
- Suspicious use of SetThreadContext: rewrites a thread's register context; injection techniques such as process hollowing use this to redirect a suspended thread into injected code.
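The three thread-related signatures above are cheap to evaluate against an API call trace, and seeing the rules written out makes clear what each one actually keys on. The block below is an added example, not the sandbox's own signature code. The constants are the documented Windows values (ThreadHideFromDebugger = 0x11, THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4, CREATE_SUSPENDED = 0x4); everything else is assumption: the trace format (one dict per call with pid, api and args, with a target_pid field for cross-process handles) is invented, and the trace itself is constructed to resemble a loader that hides its threads and then hollows a suspended child, which is more than the report states about this sample.

```python
"""Evaluate the thread-related sandbox signatures over an API call trace.

Added example, not the sandbox's code. The trace format is invented for this
example and TRACE below is constructed; it is not a recording of LIST.exe.
"""

# Documented Windows values (not from the report).
THREAD_HIDE_FROM_DEBUGGER = 0x11              # NtSetInformationThread class
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4  # NtCreateThreadEx CreateFlags bit
CREATE_SUSPENDED = 0x4                        # CreateProcess dwCreationFlags bit


def hide_from_debugger_hits(trace):
    """Both 'HideFromDebugger' signatures: return (signature, pid) per hit."""
    hits = []
    for ev in trace:
        api, a = ev["api"], ev["args"]
        if (api == "NtSetInformationThread"
                and a.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            hits.append(("NtSetInformationThreadHideFromDebugger", ev["pid"]))
        elif (api == "NtCreateThreadEx"
                and a.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER):
            hits.append(("NtCreateThreadExHideFromDebugger", ev["pid"]))
    return hits


def set_thread_context_hits(trace):
    """'Suspicious use of SetThreadContext', with a severity upgrade.

    A SetThreadContext/NtSetContextThread aimed at a thread of another
    process is flagged on its own. If that process was created suspended and
    written into beforehand, the classic hollowing sequence is complete and
    the hit is labelled process_hollowing_pattern instead.
    """
    suspended = set()   # target pids created with CREATE_SUSPENDED
    written = set()     # target pids that received cross-process writes
    hits = []
    for ev in trace:
        api, a, pid = ev["api"], ev["args"], ev["pid"]
        tgt = a.get("target_pid")
        if api in ("CreateProcessA", "CreateProcessW") \
                and a.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            suspended.add(tgt)
        elif api in ("WriteProcessMemory", "NtWriteVirtualMemory") and tgt != pid:
            written.add(tgt)
        elif api in ("SetThreadContext", "NtSetContextThread") \
                and tgt is not None and tgt != pid:
            stage = "remote_set_thread_context"
            if tgt in suspended and tgt in written:
                stage = "process_hollowing_pattern"
            hits.append((stage, pid, tgt))
    return hits


def evaluate(trace):
    """Names of the signatures that fired, in the report's wording."""
    names = set()
    for sig, _ in hide_from_debugger_hits(trace):
        names.add("Suspicious use of " + sig)
    if set_thread_context_hits(trace):
        names.add("Suspicious use of SetThreadContext")
    return sorted(names)


# Constructed trace: pid 1000 is the loader, pid 2000 its suspended child.
TRACE = [
    {"pid": 1000, "api": "NtSetInformationThread",
     "args": {"ThreadHandle": -2, "ThreadInformationClass": 0x11}},
    {"pid": 1000, "api": "NtCreateThreadEx",
     "args": {"CreateFlags": 0x4, "StartAddress": "0x401000"}},
    {"pid": 1000, "api": "NtCreateThreadEx",           # ordinary thread, no hit
     "args": {"CreateFlags": 0x0, "StartAddress": "0x402000"}},
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"lpApplicationName": "C:\\example\\child.exe",
              "dwCreationFlags": 0x4, "target_pid": 2000}},
    {"pid": 1000, "api": "WriteProcessMemory",
     "args": {"target_pid": 2000, "BaseAddress": "0x400000", "Size": 0x6e000}},
    {"pid": 1000, "api": "SetThreadContext",
     "args": {"target_pid": 2000, "Eip": "0x4012f0"}},
    {"pid": 1000, "api": "ResumeThread", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "SetThreadContext",           # own thread, not remote
     "args": {"target_pid": 1000, "Eip": "0x4030a0"}},
]

if __name__ == "__main__":
    print(hide_from_debugger_hits(TRACE))
    print(set_thread_context_hits(TRACE))
    print(evaluate(TRACE))
```

Note that the last SetThreadContext in the trace is ignored: a process setting the context of one of its own threads is common in exception handling and fiber-style code, and a rule that fires on it will drown the remote case that matters.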