General
- Target: 613aac6bca4a1628ad9717e84e44730ec74eec9bb771058eac5c1297a5f1c05b.zip
- Size: 433KB
- Sample: 230321-r1yt1add5s
- MD5: 66a68f6993dec1af3238add049c4ff9e
- SHA1: cd9588d128791cb71e607f0a18ff0429b89c8654
- SHA256: 2a4a5995aed24e7f59b9c93afd0836756c18b3c1a8085141c3091e6026804029
- SHA512: e5c174a0dd6c3169d22d496cad4df9adf7a7ef66decc73d589dd7d9ea45a0416cb844d18bcebec6d9c4d1e5afb83d1d062dfb83c3aeebb4f896998f30535681a
- SSDEEP: 12288:y1YvDdq9IN2mCFH9svBAfnX0HFnGHF2weoqpr:y1cdAmCtK6PMG2weoQ
- Static task: static1
- Behavioral task: behavioral1 (Sample: PO89854.exe, Resource: win7-20230220-en)
- Behavioral task: behavioral2 (Sample: PO89854.exe, Resource: win10v2004-20230220-en)
Malware Config
- Extracted: formbook (version 4.1, h3sc)
Targets
- Target: PO89854.exe
- Size: 828KB
- MD5: 7c8067dc792a02d4d1211a2486a56334
- SHA1: d1dd06a7a2c4b707882d1bb9559646aa049d4146
- SHA256: ac4fce0e72e52a363a1cc5d5c425a2add422321772a84beb1d339b0bef76287a
- SHA512: a360bb7bed4f1c5463fe357edea9e2ab29fafbff00400e778a7e9dadb311d65f954c02e327dbd664effacb70710b8138e1b29d5689af3160b44d8f72c4c81bd0
- SSDEEP: 12288:mMlTjVH4G4CWP/lAS2WW5dCvWSbmbrvPZb2v+9RWx6OPOKX:m4PV17WP6S2WWGuSirvPZwCPOPOK
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Formbook payload
- ModiLoader Second Stage
- Adds Run key to start application
- Suspicious use of SetThreadContext