General
Target: 9908676483.zip
Size: 300KB
Sample: 230404-wy3gmaba9v
MD5: 7f5b9f84db928751df7dcae8235a3831
SHA1: 30577def6993bdbe2de33ee8fc5de1f80a346675
SHA256: c0eae5b4a5c7e5bbbe3b60d1d841dde3411f8f6f64a40d8ffa6f276515f1f2d0
SHA512: b59cb8a3adf3960e02b95be5a6e2a61959e31788a9f490f78ad1c8b93bd66c2bdae706a6cc3c7f3e3c15e66829309208e32df17aff2f25902b9b79a734ae5f63
SSDEEP: 6144:yYEy/JZdAhxkbNkPDlzcOtt8UAUpJemCrc3xAVp12653Qy:yQ9AwbNSDDtoUpYmCMecy
Static task: static1
Behavioral task: behavioral1
Sample: 4a3d68d1c0d4ccc8a137f1a6c41832131a9bd6050c25abba3777a50a7b142f3a.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 4a3d68d1c0d4ccc8a137f1a6c41832131a9bd6050c25abba3777a50a7b142f3a.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: h3sc
Domains (Formbook config lists mix the live C2 with decoy domains; the report does not identify which entry is the real C2):
seemessage.com
bitlab.website
cheesestuff.ru
bhartiyafitness.com
bardapps.com
l7a4.com
chiara-samatanga.com
lesrollintioup.com
dropwc.com
mackey242.com
rackksfresheggs.com
thinkvlog.com
aidmedicalassist.com
firehousepickleball.net
sifreyonetici.com
teka-mart.com
ddttzone.xyz
macfeeupdate.com
ivocastillo.com
serjayparks.com
uptimeps.cfd
prioritivity.com
linjia.cfd
rentmobil99.com
amazonpublicationhouse.com
wisconsinprivatelenders.com
emavgrfcolvin.click
navegadornet.tech
extremetension.com
hpm8cnb5s2vqr.com
sxhjdp.com
breathevitality.com
easyshopalgeria.com
profibex.com
3546464356.top
shopanml.space
andhra2telangana.com
b4pizzeria.click
thehealingcoaches.com
theantalyas37d.com
tyuuhai.site
look.fashion
zbzhaochang.com
emmettis.com
data4u-e.shop
dawnzdesignzz.com
modulatic.com
measuremateshop.com
5starseptics.com
zexalin.top
r693.xyz
techcryptoreview.com
singiteasy.store
portpay.site
holmtransport.com
zkdwvtg.top
nonetdc.xyz
customerservicesafesteptub.com
myhandmadeheaven.com
prostockdirect.store
vppq.buzz
malibu5.com
alexfallah.com
93oo.top
illatales.com
Targets
Target: 4a3d68d1c0d4ccc8a137f1a6c41832131a9bd6050c25abba3777a50a7b142f3a
Size: 602KB
MD5: 91f1ee01deaf01ff8622cf95dde181d5
SHA1: cf4a960e3ead0c10deeeaccd6e7650b0042c524e
SHA256: 4a3d68d1c0d4ccc8a137f1a6c41832131a9bd6050c25abba3777a50a7b142f3a
SHA512: 176fc1fbc3a6b59d702f6e54eb6e4635bab859f18ec693cd23fc667b72fb55ee98641fd31ff0a5303b6dd6d57cb3387732f1281e2c08f21503397b8f03a67db8
SSDEEP: 6144:WdE8uEDkEfQQvbaGrYddRe+51qjREwCZfc7RO5E4Z1eFEZpIismTxg9FromA4Rl:X8lDAjGrc7G2wCSOn1kOpIiteSmhf
Signatures
ModiLoader, DBatLoader: ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud services to download and stage other malware families.
Formbook payload: the final stage is the Formbook stealer whose config is extracted above.
ModiLoader Second Stage: the loader's second-stage component was detected.
Adds Run key to start application: persistence via a Run registry key, so the sample is relaunched at user logon.
Suspicious use of SetThreadContext: this API is a common building block of process hollowing and similar injection, where a suspended thread's context is rewritten to point at injected code; on its own it is a generic indicator rather than proof of a specific technique.
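As an added example (not part of the sandbox report or of any sandbox vendor's tooling), the Python below turns the report's indicators into two checks a responder can run on their own hosts and logs: it hashes a file with the four digests the report lists and compares them to the 602KB executable's known values, and it scans DNS log lines for lookups of the extracted Formbook domain list. The hash values and domain list are copied from the report; the DNS log format and its lines are constructed for the demo. Domain matching walks label boundaries, so `www.seemessage.com` matches while `outlook.fashion` does not match `look.fashion`. Because Formbook configs mix the live C2 with decoys, a domain hit is a triage lead, not proof of which host is the real C2.

```python
"""IOC checks derived from this sandbox report (added example, not vendor code).

Hashes and the Formbook domain list are copied from the report; the DNS log
format and sample lines are constructed for the demo.
"""
import hashlib
import re
import sys

# Digests of the 602KB ModiLoader/Formbook executable listed under Targets.
SAMPLE_HASHES = {
    "md5": "91f1ee01deaf01ff8622cf95dde181d5",
    "sha1": "cf4a960e3ead0c10deeeaccd6e7650b0042c524e",
    "sha256": "4a3d68d1c0d4ccc8a137f1a6c41832131a9bd6050c25abba3777a50a7b142f3a",
    "sha512": "176fc1fbc3a6b59d702f6e54eb6e4635bab859f18ec693cd23fc667b72fb55ee98641fd31ff0a5303b6dd6d57cb3387732f1281e2c08f21503397b8f03a67db8",
}

# Extracted Formbook 4.1 (campaign h3sc) domain list: live C2 plus decoys.
FORMBOOK_DOMAINS = frozenset("""
seemessage.com bitlab.website cheesestuff.ru bhartiyafitness.com bardapps.com
l7a4.com chiara-samatanga.com lesrollintioup.com dropwc.com mackey242.com
rackksfresheggs.com thinkvlog.com aidmedicalassist.com firehousepickleball.net
sifreyonetici.com teka-mart.com ddttzone.xyz macfeeupdate.com ivocastillo.com
serjayparks.com uptimeps.cfd prioritivity.com linjia.cfd rentmobil99.com
amazonpublicationhouse.com wisconsinprivatelenders.com emavgrfcolvin.click
navegadornet.tech extremetension.com hpm8cnb5s2vqr.com sxhjdp.com
breathevitality.com easyshopalgeria.com profibex.com 3546464356.top
shopanml.space andhra2telangana.com b4pizzeria.click thehealingcoaches.com
theantalyas37d.com tyuuhai.site look.fashion zbzhaochang.com emmettis.com
data4u-e.shop dawnzdesignzz.com modulatic.com measuremateshop.com
5starseptics.com zexalin.top r693.xyz techcryptoreview.com singiteasy.store
portpay.site holmtransport.com zkdwvtg.top nonetdc.xyz
customerservicesafesteptub.com myhandmadeheaven.com prostockdirect.store
vppq.buzz malibu5.com alexfallah.com 93oo.top illatales.com
""".split())


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests, streamed so a large dropper need not fit in memory."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def compare_hashes(observed: dict) -> dict:
    """Per-algorithm comparison with the report; all four should agree for a true match."""
    return {name: observed.get(name, "").lower() == value
            for name, value in SAMPLE_HASHES.items()}


def is_formbook_domain(host: str):
    """Return the config domain that host equals or is a subdomain of, else None.

    Label-boundary walk: 'www.seemessage.com' -> 'seemessage.com', but
    'outlook.fashion' is not treated as a hit for 'look.fashion'.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never test a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in FORMBOOK_DOMAINS:
            return candidate
    return None


# Constructed log format for the demo: "<ts> client=<ip> query=<name> type=<rr>".
QUERY_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<host>\S+)")


def scan_dns_log(lines) -> list:
    """Return (client, queried host, matched config domain) for each suspicious lookup."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            matched = is_formbook_domain(m["host"])
            if matched:
                hits.append((m["client"], m["host"], matched))
    return hits


# Constructed sample log lines (not from the report): three hits, two benign.
SAMPLE_DNS_LOG = """\
2023-04-04T12:00:01Z client=10.0.0.5 query=www.seemessage.com. type=A
2023-04-04T12:00:02Z client=10.0.0.5 query=update.microsoft.com type=A
2023-04-04T12:00:03Z client=10.0.0.9 query=outlook.fashion type=A
2023-04-04T12:00:04Z client=10.0.0.9 query=MACFEEUPDATE.COM type=A
2023-04-04T12:00:05Z client=10.0.0.5 query=93oo.top type=A
""".splitlines()


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("formbook domain lookup:", hit)
    for path in sys.argv[1:]:  # optional: files to compare against the report
        print(path, compare_hashes(hash_file(path)))
```

Run it with no arguments to see the three constructed hits, or pass file paths to compare their digests against the report's values. A single mismatching digest means a different file, so treat the per-algorithm result as a whole rather than accepting a match on MD5 alone.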