General
Target: 63e437a647e0cd76c38f1e73b5f1d5aa54c8e6a7f26cd31bd0fae9b1994751e9
Size: 776KB
Sample: 230405-lqkazach79
MD5: 39f0289d03e15ee2dc83e561645c4a6d
SHA1: b20ed4c283b9af631ff89720f8242392c4b9543f
SHA256: 63e437a647e0cd76c38f1e73b5f1d5aa54c8e6a7f26cd31bd0fae9b1994751e9
SHA512: 63ecdbc41f9ad0939521e0120e1765320c262b1f47e0b869e47e3bd31fce5d4a10a9d78d6202c0cd6ce1f0d8708492685655e8d33974770c078ff39c3e3c9aad
SSDEEP: 24576:uMwf+m50w/dByz96NHuhR60AkJApfZ5ZM1P3A6YlBE5GwM:uMwf0w/dsEwRTApfrW93AXbENM
Static task: static1
Behavioral task: behavioral1
Sample: 63e437a647e0cd76c38f1e73b5f1d5aa54c8e6a7f26cd31bd0fae9b1994751e9.exe
Resource: win7-20230220-en
Malware Config
Extracted: formbook
Version: 4.1
Campaign: u34f
Targets
- Formbook payload
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext