General
-
Target
4e57a7ae42e9005020df2671b6aa6cf19d044be264da5f8e1a4836d5a47b2f14
-
Size
1018KB
-
Sample
230608-gnbtlacg72
-
MD5
8f25fe4c31de1a795ca154d7dacad298
-
SHA1
754e42ede6c7d66fee0c161538ba7f274b09c613
-
SHA256
4e57a7ae42e9005020df2671b6aa6cf19d044be264da5f8e1a4836d5a47b2f14
-
SHA512
cf9dd4d770a70def7865431cb697e8b6b2ecd39bb73fd0835d72b16d5980c4fa802f2653587952c3d4e2426b55e4302b5f1611dd1f06f8c00bc132b0c45aa7d2
-
SSDEEP
24576:ePLjh9E6G3VibpHIdebodR6jlKFtQVUv+iP8o79bO+:2jh3G32poHRS2tQuWikK9j
Static task
static1
Malware Config
Extracted
formbook
4.1
be03
caritahu.xyz
myranksoldier.com
belanjakaleng.shop
happytalentatwork.com
miscdot.net
k007i.fun
btq8.com
ae888te.top
pp81870.com
fitness-instructor.asia
gigamoonai.com
rajabt.online
wearerdio.store
kolapsgretel.cfd
pgp912.com
greenbayrfl.com
ledscroller.net
geposmet.xyz
w77738.com
dillgemme.cfd
oriturtech.com
mandala-klass.online
as6prioridades.com
hhmedicare.com
kumarsir.online
mlerovde.cfd
hakima.store
animehubng.com
360elemental.com
bjshangpin.com
www81am.com
stokebrew.com
yeterkibenisevsen.net
gd5j4s7.icu
repai-hnsg.shop
turnagainmusic.com
mo8o.com
newjuyun.com
tsgo.monster
gvaztor.xyz
lgzsc.com
riverviewdeals.store
kotarian.com
tastings.center
flowercups.shop
ht652t.com
wherehavewebeen.com
patronbases.cfd
seblak33porsi.xyz
shuangju.app
euronexus.xyz
wud7ew8h.xyz
docdorad.xyz
bancaf8.net
humilu.com
ounrsoni.cyou
linemanknives.com
ftd7u.com
wls8.com
92dbxvhr.xyz
joeledina.com
evellamakeup.com
heji180.top
ns3vl.buzz
skyechefs.com
Targets
-
-
Target
4e57a7ae42e9005020df2671b6aa6cf19d044be264da5f8e1a4836d5a47b2f14
-
Size
1018KB
-
MD5
8f25fe4c31de1a795ca154d7dacad298
-
SHA1
754e42ede6c7d66fee0c161538ba7f274b09c613
-
SHA256
4e57a7ae42e9005020df2671b6aa6cf19d044be264da5f8e1a4836d5a47b2f14
-
SHA512
cf9dd4d770a70def7865431cb697e8b6b2ecd39bb73fd0835d72b16d5980c4fa802f2653587952c3d4e2426b55e4302b5f1611dd1f06f8c00bc132b0c45aa7d2
-
SSDEEP
24576:ePLjh9E6G3VibpHIdebodR6jlKFtQVUv+iP8o79bO+:2jh3G32poHRS2tQuWikK9j
-
Formbook payload
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-