General

Target: POJAN20217.exe
Size: 703KB
Sample: 230408-l7twqseg7s
MD5: fbd062a526493f39857b1ff06b38e3b9
SHA1: cb539fa1dc65214e029a94bb2476b0ec93223549
SHA256: 9c0b00c20b1b397ff688a1da698420f0f7453b962d4f732ed91189be7cae3c9c
SHA512: bce4aaa0650ac0e6adafdecd38634a0a9d0b16c81363c341a4457441d376a2a1bcc2cb641cf1f3fd20ff8009fca4ddadec12d9e9d8628bc76e1fa2a580d4fcac
SSDEEP: 12288:jhdbZQFXq//Y4v3eftE3LSq/ysk+UlvLFB7u/GFI3dSq0j:zZQlSrvOftE3bxRUFJgdS/j
Static task: static1

Behavioral task: behavioral1
Sample: POJAN20217.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: POJAN20217.exe
Resource: win10v2004-20230221-en
Malware Config

Extracted family: formbook
Version: 4.1
Campaign: h3sc
Decoy / C2 domains (Formbook hides its real C2 among a list of decoys and contacts several of them per beacon, so every entry is an indicator; note that decoy entries are often legitimate sites):
seemessage.com
bitlab.website
cheesestuff.ru
bhartiyafitness.com
bardapps.com
l7a4.com
chiara-samatanga.com
lesrollintioup.com
dropwc.com
mackey242.com
rackksfresheggs.com
thinkvlog.com
aidmedicalassist.com
firehousepickleball.net
sifreyonetici.com
teka-mart.com
ddttzone.xyz
macfeeupdate.com
ivocastillo.com
serjayparks.com
uptimeps.cfd
prioritivity.com
linjia.cfd
rentmobil99.com
amazonpublicationhouse.com
wisconsinprivatelenders.com
emavgrfcolvin.click
navegadornet.tech
extremetension.com
hpm8cnb5s2vqr.com
sxhjdp.com
breathevitality.com
easyshopalgeria.com
profibex.com
3546464356.top
shopanml.space
andhra2telangana.com
b4pizzeria.click
thehealingcoaches.com
theantalyas37d.com
tyuuhai.site
look.fashion
zbzhaochang.com
emmettis.com
data4u-e.shop
dawnzdesignzz.com
modulatic.com
measuremateshop.com
5starseptics.com
zexalin.top
r693.xyz
techcryptoreview.com
singiteasy.store
portpay.site
holmtransport.com
zkdwvtg.top
nonetdc.xyz
customerservicesafesteptub.com
myhandmadeheaven.com
prostockdirect.store
vppq.buzz
malibu5.com
alexfallah.com
93oo.top
illatales.com
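The decoy list above is only useful once it is matched against DNS telemetry. The following is an added example, not part of the sandbox report: it loads a subset of the domains listed above (paste the full list in practice), normalises them, and scans constructed DNS log lines for exact or subdomain matches. The log format (timestamp, client IP, query name, rcode) and the sample lines are assumptions made for the example, not any sensor's real schema or a real capture.

```python
"""Match DNS telemetry against the decoy/C2 domains extracted from this Formbook sample.

Added example, not part of the sandbox report. FORMBOOK_DECOYS holds a subset
of the domains listed in the extracted config above (paste the full list in
practice); SAMPLE_DNS_LOG is constructed for this example and is not a real
capture. The log format (timestamp, client IP, query name, rcode) is an
assumption, not any particular sensor's schema.
"""
from typing import Iterable, List, Optional

# Subset of the decoy/C2 domains from the extracted config on this page.
FORMBOOK_DECOYS = [
    "seemessage.com",
    "bitlab.website",
    "cheesestuff.ru",
    "bhartiyafitness.com",
    "bardapps.com",
    "l7a4.com",
    "chiara-samatanga.com",
    "lesrollintioup.com",
    "look.fashion",
    "macfeeupdate.com",
]

# Constructed log lines: "<timestamp> <client ip> <query name> <rcode>".
SAMPLE_DNS_LOG = """\
2023-04-08T10:15:01Z 10.0.0.23 www.seemessage.com NOERROR
2023-04-08T10:15:02Z 10.0.0.23 notbitlab.website NOERROR
2023-04-08T10:15:03Z 10.0.0.23 update.microsoft.com NOERROR
2023-04-08T10:15:04Z 10.0.0.41 BARDAPPS.COM. NXDOMAIN
2023-04-08T10:15:05Z 10.0.0.23 cheesestuff.ru NOERROR
"""


def normalize(domain: str) -> str:
    """Lower-case and strip the trailing dot so FQDN spellings compare equal."""
    return domain.strip().rstrip(".").lower()


def build_ioc_set(domains: Iterable[str]) -> frozenset:
    """Normalised, deduplicated indicator set."""
    return frozenset(normalize(d) for d in domains)


def match_domain(query: str, iocs: frozenset) -> Optional[str]:
    """Return the matching IOC for an exact or subdomain match, else None.

    Matching is done label by label rather than with str.endswith so that
    notbitlab.website does not match bitlab.website.
    """
    labels = normalize(query).split(".")
    for i in range(len(labels) - 1):  # keep at least two labels in the candidate
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_dns_log(lines: Iterable[str], iocs: frozenset) -> List[dict]:
    """Return one hit record per log line whose query matches an indicator."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        ts, client, query, rcode = parts[:4]
        ioc = match_domain(query, iocs)
        if ioc is not None:
            hits.append({"ts": ts, "client": client, "query": normalize(query),
                         "ioc": ioc, "rcode": rcode})
    return hits


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG.splitlines(), build_ioc_set(FORMBOOK_DECOYS)):
        print(f"{hit['ts']} {hit['client']} queried {hit['query']} "
              f"(IOC {hit['ioc']}, {hit['rcode']})")
```

An NXDOMAIN answer is still a hit: the query itself is the evidence of the beacon attempt. Because decoy entries can be legitimate sites, a single hit from a host is weak on its own; several hits from one client within a short window, together with the host-side signatures listed under Targets, is the stronger signal.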
Targets

Target: POJAN20217.exe (703KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures for this target:
- ModiLoader, DBatLoader: ModiLoader is a Delphi-based loader that abuses cloud services to download other malware families.
- Formbook payload
- ModiLoader second stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence via a CurrentVersion\Run value)
- Suspicious use of SetThreadContext (typical of process hollowing / code injection)
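The behavioural signatures above come from the sandbox's API and event hooks. As an added example (not the sandbox's own signature logic and not part of this report), the following re-derives three of them from Sysmon-style endpoint events by correlating file writes with later executions and image loads, and by watching registry writes under CurrentVersion\Run. The events, paths and SID are constructed for the example and are not from this sample. "Suspicious use of SetThreadContext" is an API-level observation that Sysmon does not record, so it is deliberately not derived here.

```python
"""Re-derive three of the report's behavioural signatures from endpoint telemetry.

Added example, not part of the sandbox report and not the sandbox's own
signature logic. SAMPLE_EVENTS are constructed Sysmon-style records
(EventID 1 process create, 7 image load, 11 file create, 13 registry value
set) with made-up paths and a made-up SID; they are not from this sample.
'Suspicious use of SetThreadContext' needs API-level telemetry (sandbox
hooks or an EDR) and is not derived here.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List

# Matches ...\CurrentVersion\Run\<value> and ...\CurrentVersion\RunOnce\<value>.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\")

DROPPER = r"C:\Users\victim\Downloads\POJAN20217.exe"
STAGE2 = r"C:\Users\victim\AppData\Local\Temp\stage2.exe"      # constructed name
HELPER = r"C:\Users\victim\AppData\Local\Temp\helper.dll"      # constructed name
RUN_VALUE = (r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
             r"\Software\Microsoft\Windows\CurrentVersion\Run\Stage2")

SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1001, "Image": DROPPER, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "ProcessId": 1001, "Image": DROPPER, "TargetFilename": STAGE2},
    {"EventID": 11, "ProcessId": 1001, "Image": DROPPER, "TargetFilename": HELPER},
    {"EventID": 13, "ProcessId": 1001, "Image": DROPPER, "TargetObject": RUN_VALUE, "Details": STAGE2},
    # Upper-cased on purpose: the match must be case-insensitive.
    {"EventID": 1, "ProcessId": 1002, "Image": STAGE2.upper(), "ParentImage": DROPPER},
    {"EventID": 7, "ProcessId": 1002, "Image": STAGE2, "ImageLoaded": HELPER},
    {"EventID": 7, "ProcessId": 1002, "Image": STAGE2, "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    # Unrelated registry write: must not trigger the Run-key signature.
    {"EventID": 13, "ProcessId": 1002, "Image": STAGE2,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
]


def norm(path: str) -> str:
    """Case-fold a Windows path so STAGE2.EXE and stage2.exe compare equal."""
    return path.strip().lower()


def evaluate(events: Iterable[dict]) -> Dict[str, List[str]]:
    """Walk events in order and collect evidence strings per signature name.

    A file counts as 'dropped' once any monitored process has written it
    (EventID 11); a later execution (EventID 1) or load (EventID 7) of that
    path by any process is the signature hit. Order matters: a write seen
    after the execution does not count.
    """
    dropped = set()
    hits: Dict[str, List[str]] = defaultdict(list)
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            dropped.add(norm(ev["TargetFilename"]))
        elif eid == 1 and norm(ev["Image"]) in dropped:
            hits["Executes dropped EXE"].append(f"{ev['ParentImage']} -> {ev['Image']}")
        elif eid == 7 and norm(ev["ImageLoaded"]) in dropped:
            hits["Loads dropped DLL"].append(f"{ev['Image']} loaded {ev['ImageLoaded']}")
        elif eid == 13 and RUN_KEY_RE.search(norm(ev["TargetObject"])):
            hits["Adds Run key to start application"].append(
                f"{ev['TargetObject']} = {ev.get('Details', '')}")
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(name)
        for line in evidence:
            print("  ", line)
```

In production this correlation is what Sigma rules and EDR signatures express; the point here is the ordering dependency (a file must be seen written before its execution counts as "dropped") and the case-insensitive path comparison, both of which are easy to get wrong when porting a sandbox signature to log-based detection.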