General
-
Target
U prilogu je nova lista narudzbi.zip
-
Size
655KB
-
Sample
230405-wzw18sag5t
-
MD5
efaacde46ab461bf5ad32e0a092c8152
-
SHA1
4ebb99bb2171fb24c2801230b711e5634964589a
-
SHA256
981bd77a2a71c5cb06a8198347b8a49e8b207d8c0d532e80c405b018084181b9
-
SHA512
88933f6c3db2cdae5eb35448da58586bd187ba765db73cedd9ae9705900e12bc1043a826859f7809dc1745323827b5d35c1219f21f2eecffb9ccdcf0e3d4a9af
-
SSDEEP
12288:s2MAR54NtnW46nT/fHGBd8HqFDG9O5rOaR8kbgzHmABkP79mTiO6M5KCke:s2Mu4NtnWtnHMjbNLR8kNUqqiO6M5Khe
Static task
static1
Behavioral task
behavioral1
Sample
U prilogu je nova lista narudzbi.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
U prilogu je nova lista narudzbi.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
formbook
4.1
3nop
slot999.site
hagsahoy.com
howdyart.com
orders-marketplace.com
ranaa.email
masterlink.guru
archershut.com
weikumcommunications.com
dphardmoney.com
shjyutie.com
vivaberlin.net
mycto.today
curvygirlugc.com
otnmp.cfd
alwrists.com
propercandlecompany.com
allindustry-bg.com
theyoungbizacademy.com
expand658170.com
leslainesdumouchon.com
suptisa.com
picnic-in-andong.com
wanligui.com
cesarjunaro.com
kuxita.xyz
simpkecpr.com
microsoftsecuritys.com
responsefactor.com
polyggroup.com
talonxmfg.biz
jam-nins.com
picuar.com
familysafehidingplaces.com
centericehockey.com
appleidd.info
igctsansculottism.sbs
guiaestilosaude.online
happysscribe.com
tizzbizz.com
qcorretor.com
baremaster.online
liputanlima.com
ontherighttrack.systems
zzza002.xyz
k-aashirwaad.com
stillwatersagawork.com
skindoze.com
asdjmhfg.xyz
refaccionariafgnogales.com
hunn.pro
tlland.group
homebizen.com
newszi.xyz
nicetimecafe.net
qdbs.cloud
ebtl.wtf
dchasss.com
kijangjantan.tech
elegant-story.com
glimtmedia.com
1dot.online
neatneighborncclean.com
marionarzel.com
app-arthrex.com
xctech.world
Targets
-
-
Target
U prilogu je nova lista narudzbi.exe
-
Size
1.0MB
-
MD5
3df77cd9b148f741aabafae673c30c15
-
SHA1
40799ad5fbf94780eccd795ef07e77303b6638d9
-
SHA256
0080c65d479bdb2212ce757c8c874b8d10e2c341a557b40e5e4a1e97b889f1dd
-
SHA512
f453160682183f45e909b1e489e1c20ad3197d4327e57cb151f36765c70dea2b084c5ab2787cb6263f1aebaaabfff91ebbea54042d54227781468027e0410d91
-
SSDEEP
24576:v6R9yfVUXwTEfF59XADz3OjaZQQJ0nhUGfAp7LM:v6mO0MF59XADzejakuGfA1M
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook payload
-
ModiLoader Second Stage
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-