General
- Target: Perfil de empresa y solicitud de pedido-pdf.exe
- Size: 817KB
- Sample: 230402-j1593sfd37
- MD5: 934b4aa04d107f3f1e4df18c1f4602c0
- SHA1: 78fd7a3ff4d72fc10dc2580ed51107d378a3917b
- SHA256: be2d13c0a69ec836fb9e404b03dbfa04d7adb067ff00bda1375182dcc6bffa6f
- SHA512: 3071bea94409178dfc0a4d2107f435403bd1842ad6d899e933fbd8642aaa6f65d03fd6d4c0b0263b8c95ab4a42c594e9e5c4e1f72c26855529dd89feb4ebdc04
- SSDEEP: 24576:NuxnYfyuqYOEzbPDzse2IWZDNjpg2IRezTZ:Qh+yuOI0z9lNjp8RkZ
Static task: static1
Behavioral task: behavioral1
- Sample: Perfil de empresa y solicitud de pedido-pdf.exe
- Resource: win7-20230220-en
Malware Config
- Extracted: formbook 4.1 il23
Targets
- Formbook payload
- Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext