General
Target: 8f9dbb0313ac2bc7eee44b775e99053e0023472db4c3994c28561830d39bf5ec
Size: 709KB
Sample: 230321-n83alscb6s
MD5: ca8650a170da8f4dd140aa4192d9da94
SHA1: 41245e2b222b1022006a85046c2d1c6e974c4edb
SHA256: 8f9dbb0313ac2bc7eee44b775e99053e0023472db4c3994c28561830d39bf5ec
SHA512: f22d5c26e9e5ac0ac96f052afae88f009ed5fb87d7fe7b2550d251b6a83f0b9a67400b745941876cf8c24c324b6be08ec1fa8b8c63d2689a53450ba826b49b34
SSDEEP: 12288:/Au825XkTH8gfIwZKoT/U3RnuKsLJrX7MZowGm4:oFCkTowZKfhnuxVD7MZoa
Static task: static1
Behavioral task: behavioral1
Sample: 8f9dbb0313ac2bc7eee44b775e99053e0023472db4c3994c28561830d39bf5ec.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 8f9dbb0313ac2bc7eee44b775e99053e0023472db4c3994c28561830d39bf5ec.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: formbook, 4.1, p6rd
Targets
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Formbook payload
- ModiLoader Second Stage
- Adds Run key to start application
- Suspicious use of SetThreadContext