General
-
Target
e95742503cd258666b61c5dde8a9003a.exe
-
Size
1.2MB
-
Sample
230608-hlxtqade8w
-
MD5
e95742503cd258666b61c5dde8a9003a
-
SHA1
cee3b32cbbcec87c7393a066012e6a2479867d4f
-
SHA256
f52f3c64c7e5729b929919c449f9087899823470d11335c5dad97f8c19ce2679
-
SHA512
d2fad4e9bd20551bf89c15e86806a76f2dddb7702666b15fb64005effea01fcbe0087f3424c7f867e9ffa8021647e118f222595b43c039ce76fe9a33c7922fdd
-
SSDEEP
24576:7Pw6DkT6kfGME6G3VibpHIdebodR6jlKFtQVUv+iP8o79bO+s:75gTvG32poHRS2tQuWikK9js
Static task
static1
Behavioral task
behavioral1
Sample
e95742503cd258666b61c5dde8a9003a.exe
Resource
win7-20230220-en
Malware Config
Extracted
formbook
4.1
xchu
zcartoons.com
castilloshowroom.com
3bmmdtod.life
misaxoxo.com
nadiya.online
sykkbup29.xyz
triciaaprimrosevp.com
newleter.com
ptzslk.xyz
lightbulbfestival.com
texaslandline.com
ideeintemporelle.com
girljustdoitpodcast.com
medimediamarketing.com
bunk7outfitters.com
charlievgrfminnick.click
lifestyleinthehome.com
atfbestsale.online
frontdoorproperties.co.uk
grandpaswag2024.info
masterbidbox.com
twinmall.xyz
apihb.com
tanbuhelir.com
excortclub.com
avxxxtube.com
dayonetaxes.com
xx7zncjthyo.xyz
barhat-dance.online
wxbaonayue.com
sorunsuzyayinburada9.shop
so-do-to.com
bonettr.com
gosucculents.com
axcelus.mobi
elityou.com
82163.xyz
ugfc.monster
wxxinglong.com
fleurdelis-ksa.com
australiaxxxhookup.com
hieu.asia
lailashawa.com
littlefoxgrp.com
modi.codes
frenchmattie.com
francoishogue-rpg.com
ntzb1.vip
adfoidoas.shop
meter-ooh.com
mamarosarienne.online
sharonmevans.com
ccapltal.com
ewardsrq.com
rgmtrucking.com
nilhanzsa.net
prodemtim-healthy-gums.com
aviationsoftware.aero
frog.lol
hauntingmedia.com
newindianewsnetwork.com
calfamfitclasses.net
sparrow-coffee.com
centralcoastquotes.com
tangocitymoscow.com
Targets
-
-
Target
e95742503cd258666b61c5dde8a9003a.exe
-
Size
1.2MB
-
MD5
e95742503cd258666b61c5dde8a9003a
-
SHA1
cee3b32cbbcec87c7393a066012e6a2479867d4f
-
SHA256
f52f3c64c7e5729b929919c449f9087899823470d11335c5dad97f8c19ce2679
-
SHA512
d2fad4e9bd20551bf89c15e86806a76f2dddb7702666b15fb64005effea01fcbe0087f3424c7f867e9ffa8021647e118f222595b43c039ce76fe9a33c7922fdd
-
SSDEEP
24576:7Pw6DkT6kfGME6G3VibpHIdebodR6jlKFtQVUv+iP8o79bO+s:75gTvG32poHRS2tQuWikK9js
-
Formbook payload
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-