General
Target: zaownienie.img
Size: 1.2MB
Sample: 230328-j2h6yabe7y
MD5: 47414ffe24b5698582788122b0160679
SHA1: 6771448f25d807ee18d8a1715e5fab11f9149738
SHA256: 9528017e989109cae2591f60299ef84b42f1eba732c24549ca000171a1edac85
SHA512: 7ec8fcbd174b240f64e5c2187a9bc321bfe3800828988f94b0a113b23fd83f6f32a978c35386ac770f6334a605f7c4067e336b87518807ffa864557f59993bb0
SSDEEP: 12288:GTMY1ltUnHhjgUciLJDrLmuychLXK8WE:GThtejgUci9DvgcM8W
Static task: static1
Behavioral task: behavioral1
Sample: NR_ZAMOW.exe
Resource: win7-20230220-en
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: il23
Targets
Target: NR_ZAMOW.EXE
Size: 561KB
MD5: abb44d8629dbbae4b307b638fa35c921
SHA1: 91b9b648dfcc9261d3c0135eea5c4a9da4e87985
SHA256: 55d12f1706d497912ee1c846004edea135577d7e2eb2246e9c439740be365643
SHA512: c6226f1c6634e11a48c79668df2229d43476d6dec9351da239bf9da58500751e584dccf3eea2aba77e881b2eb9c8b116843b0cee5a7d2af21db0561c4e1661a2
SSDEEP: 12288:KTMY1ltUnHhjgUciLJDrLmuychLXK8WEu:KThtejgUci9DvgcM8Wh
- Formbook payload
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Deletes itself
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext