General
- Target: 03f68e754aaa9699ee2ef3396020e5ae.bin
- Size: 420KB
- Sample: 230608-bctx5sae7y
- MD5: 8dcf6b22c6846fa32e2be018fd90ca4c
- SHA1: 5f25706c37cc555ae686aff518f3b2f701242c5c
- SHA256: 31d4a66b08ab1e32264b6570e9295b0d5b9f047896f83136f186871520544d07
- SHA512: cc1ebff6575b1b32e925c9e6fb499e622f51e0cab7dd13b65ce6c17f72571dda739bbc0180577fdb124de34dc7d72b83e7b4b1ec09517a5c35f6909304b4de84
- SSDEEP: 12288:dR9ikvGkZ5fG9jEmUVc33jotWNyMAPOYEmyFOCY8moG85J:MkOk+97smctWNyMAdEmyFOz8qwJ
Static task: static1
Behavioral task: behavioral1
- Sample: 54be9ba2765771cc0ba840828116938a88a6bc48732f79113afd36b3e1c264ba.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 54be9ba2765771cc0ba840828116938a88a6bc48732f79113afd36b3e1c264ba.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: t3c9
- Domains:
shadeshmarriagemedia.com
e-russ.com
sofiashome.com
theworriedwell.com
americantechfront.com
seasonssparkling.com
maximuscanada.net
tifin-private-markets.com
amecc2.net
xuexi22.icu
injectiontek.com
enrrocastoneimports.com
marvelouslightcandleco.com
eaamedia.com
pmediaerp.com
tikivips111.com
chesterfieldcleaningcare.com
thecrowdedtablemusic.com
duncanvillepanthers.com
floriculturajoinville.xyz
bestcleaningagent.com
blackpartyplanners.online
atlanticphotovideo.com
welfarewith.com
vsesvezhie.online
kingballyeg.com
onanshop.com
navarathnatemple.com
tajcostore.com
bittoastergames.com
brasswork.info
92luoli.top
neuroimagingai.com
travisheightspartners.com
securelifestyles21.net
toydrumhosting.com
a-2-zwholesale.com
mnehbr.cloud
hot51.one
3g10v4jwti2tur96.digital
barbosasilvaadv.com
addidas.me
onpu.sa.com
pienso-mascotas.com
brinkmicro.com
mari4731.com
redtocsin.com
tarponspringshandyman.com
shknote.com
jacksonholekush.com
thephilosophyacademy.com
gsolartech.com
oferstar.com
earlyrepeal.online
medi-vacations.net
bigredsellshomes.com
bonitageeks.icu
bossingh.xyz
shanghaizang.com
maisonlectio.com
monktech.xyz
hsmm999.com
bateful.com
billiondollar.company
millesimevintage.com
Targets
- Target: 54be9ba2765771cc0ba840828116938a88a6bc48732f79113afd36b3e1c264ba.exe
- Size: 842KB
- MD5: 03f68e754aaa9699ee2ef3396020e5ae
- SHA1: 1006050371550d0a31c17664e51a1ad91473ff6f
- SHA256: 54be9ba2765771cc0ba840828116938a88a6bc48732f79113afd36b3e1c264ba
- SHA512: dcd0913e92b574e0ea795aa3508a6a10516366230ed06233f3c237f8fb227f827f88c1b23eaf7aff05277b7c5b5579f6d7fdaa4763c02c71a854da63ee458bce
- SSDEEP: 12288:tqcXKzYRKvoT9GfENy1H+n4J6m39o8K796Wbk0SDpcCMZMg:tfXKoT9GfENy1H9Q7f796Wbk0OpcI
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Formbook payload
- ModiLoader Second Stage
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext