General
Target: 0ae741990942bc5b9a51a72dc1cc9f2197b8fe140b76eee9170c3260c00e8656.zip
Size: 246KB
Sample: 230321-rze1habb98
MD5: 8ebe1da75e5359964d1dcee4f91c9bee
SHA1: 8ef8e69329acf54f9451307a15e59c63fbcafde7
SHA256: 90b17c21b9f87c4bb5894ee0de441239a5e2c2eb2b6713675eb35f0ef096f577
SHA512: b02fff71182c7c8e05a72dd2a837b5f18c1a256cfe1bdae53e1cf6af800b7393dee3eb1da55e6f1e0c4cfb13077ba1e84a89336cdea64fc36c0ee8178491be42
SSDEEP: 6144:VnJ0rq2xYGJ0/bndDGb90FCXoX3xEXG+1aaNDxuq:VJ0rqaYi+ndG68UhEW+JNtB
Static task: static1
Behavioral task: behavioral1
Sample: 0ae741990942bc5b9a51a72dc1cc9f2197b8fe140b76eee9170c3260c00e8656.exe
Resource: win7-20230220-en
Malware Config (Extracted)
Family: formbook
Version: 4.1
Campaign: ms12
Targets
Target: 0ae741990942bc5b9a51a72dc1cc9f2197b8fe140b76eee9170c3260c00e8656.exe
Size: 261KB
MD5: 3f8f4a7f43b5627ed45128bb99f0b471
SHA1: 1c1931fe8db9b5df89d39e3121fa72c2a355ded1
SHA256: 0ae741990942bc5b9a51a72dc1cc9f2197b8fe140b76eee9170c3260c00e8656
SHA512: 800a88ff5985f832c73fbada7fa71175531dbe9bd47a93bc8941817e791d8868cfedd4dad2f82604ce06e1e2136821b963d35e23d580edf2d260475eb213ff6f
SSDEEP: 6144:4auq7FPth0P6iM7EFsjSHR58yQITE1vE1P57hO5FKHJa:HFPr0SirFjC1yP5NO5FKg
- Formbook payload
- Checks QEMU agent file: checks presence of the QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext