General
-
Target
Kvcyqchhbhkahw.exe
-
Size
836KB
-
Sample
230420-mbebvabb9t
-
MD5
fe94db3dddb1cbf50762249cb8660f3f
-
SHA1
9cf631ac4eae8b40b5170c9c4d2fdee87b887198
-
SHA256
c35d39c896510b7dc65ebb37f3ab35837f0fe500c8f9927988feacd92d41eb92
-
SHA512
0064e05ac465e72e033b911f0409cc9da3047d6134db3ee39bbc5adb1ba637eb3fef76dfa0798a5257701ac3289c6821468731df845c6e13cdd53b631ffe5e51
-
SSDEEP
12288:T8rLgxLKQfJJuXFI3MU+oVv6G57D1llttQCMO+U1xldIuau/T2SAzCk1:wrLgO0023ZQK9CO+U1xldqu/T2SA
Static task
static1
Behavioral task
behavioral1
Sample
Kvcyqchhbhkahw.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Kvcyqchhbhkahw.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
formbook
4.1
3nop
slot999.site
hagsahoy.com
howdyart.com
orders-marketplace.com
ranaa.email
masterlink.guru
archershut.com
weikumcommunications.com
dphardmoney.com
shjyutie.com
vivaberlin.net
mycto.today
curvygirlugc.com
otnmp.cfd
alwrists.com
propercandlecompany.com
allindustry-bg.com
theyoungbizacademy.com
expand658170.com
leslainesdumouchon.com
suptisa.com
picnic-in-andong.com
wanligui.com
cesarjunaro.com
kuxita.xyz
simpkecpr.com
microsoftsecuritys.com
responsefactor.com
polyggroup.com
talonxmfg.biz
jam-nins.com
picuar.com
familysafehidingplaces.com
centericehockey.com
appleidd.info
igctsansculottism.sbs
guiaestilosaude.online
happysscribe.com
tizzbizz.com
qcorretor.com
baremaster.online
liputanlima.com
ontherighttrack.systems
zzza002.xyz
k-aashirwaad.com
stillwatersagawork.com
skindoze.com
asdjmhfg.xyz
refaccionariafgnogales.com
hunn.pro
tlland.group
homebizen.com
newszi.xyz
nicetimecafe.net
qdbs.cloud
ebtl.wtf
dchasss.com
kijangjantan.tech
elegant-story.com
glimtmedia.com
1dot.online
neatneighborncclean.com
marionarzel.com
app-arthrex.com
xctech.world
Targets
-
-
Target
Kvcyqchhbhkahw.exe
-
Size
836KB
-
MD5
fe94db3dddb1cbf50762249cb8660f3f
-
SHA1
9cf631ac4eae8b40b5170c9c4d2fdee87b887198
-
SHA256
c35d39c896510b7dc65ebb37f3ab35837f0fe500c8f9927988feacd92d41eb92
-
SHA512
0064e05ac465e72e033b911f0409cc9da3047d6134db3ee39bbc5adb1ba637eb3fef76dfa0798a5257701ac3289c6821468731df845c6e13cdd53b631ffe5e51
-
SSDEEP
12288:T8rLgxLKQfJJuXFI3MU+oVv6G57D1llttQCMO+U1xldIuau/T2SAzCk1:wrLgO0023ZQK9CO+U1xldqu/T2SA
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook payload
-
ModiLoader Second Stage
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-