General
Target: 0ae741990942bc5b9a51a72dc1cc9f2197b8fe140b76eee9170c3260c00e8656.zip
Size: 246KB
Sample: 230321-qrlmmscf9v
MD5: 2fee8aedfa383e872fc9756eb5af6f0f
SHA1: edf9224010d242f85ec0dc646cf7f9dd0a94dfc9
SHA256: bde74f5dfdff3c14df49343fa54fee3bc237e556213b05d9ee12d9bceb335f1a
SHA512: b8432ddd10ec5907fd7a7a037ce439f7fdfc7fa776f7530936ecf8fa92de95c7c06f35360fc47715b44a5c3e401dd2408109d6d6d029175a949369bcfeaaff17
SSDEEP: 3072:hM+QSkxZnQdWBCspwV4eSwGsbV0VUlHHpLEUBkV9qP1mgj7JoI0iNSdsVKw1DeJp:28oRBCsDe1dVjxEUBkV9qPVYltwZeJp
Static task: static1
Behavioral task: behavioral1
Sample: 0ae741990942bc5b9a51a72dc1cc9f2197b8fe140b76eee9170c3260c00e8656.exe
Resource: win7-20230220-en
Malware Config
Extracted: formbook 4.1 (ms12)
Targets
Target: 0ae741990942bc5b9a51a72dc1cc9f2197b8fe140b76eee9170c3260c00e8656.exe
Size: 261KB
MD5: 3f8f4a7f43b5627ed45128bb99f0b471
SHA1: 1c1931fe8db9b5df89d39e3121fa72c2a355ded1
SHA256: 0ae741990942bc5b9a51a72dc1cc9f2197b8fe140b76eee9170c3260c00e8656
SHA512: 800a88ff5985f832c73fbada7fa71175531dbe9bd47a93bc8941817e791d8868cfedd4dad2f82604ce06e1e2136821b963d35e23d580edf2d260475eb213ff6f
SSDEEP: 6144:4auq7FPth0P6iM7EFsjSHR58yQITE1vE1P57hO5FKHJa:HFPr0SirFjC1yP5NO5FKg
- Formbook payload
- Checks QEMU agent file: checks presence of the QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext