General
- Target: PRAĆENJE.exe
- Size: 500KB
- Sample: 230711-p5cq8aab6v
- MD5: ed28797b223174c35338e9c60d458647
- SHA1: 61421c29e59c86650f90eac70ba0670b04694eb8
- SHA256: bf83191dd578c7d4a1ba6c1b3e951aff4fe1b6b2dc59b8dc534f66ba0b530d47
- SHA512: 6b177c0a1c8793a979237d796ef1b971f74f01b0add120a279bd1540452b328a01ee3647434f850bad99e5a2e53d24639307145711d0d159e87f469319ed463a
- SSDEEP: 12288:sC3+YT7k0PwTrVg0iT0kB8deUeLZ+pH7f0O58oAUjXA:sa+YHL41gh0/qU3+vULA
Static task: static1
Behavioral task: behavioral1
- Sample: PRAĆENJE.exe
- Resource: win7-20230703-en
Behavioral task: behavioral2
- Sample: PRAĆENJE.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: il09
- Domains:
ahy99.com
tmzrygdv.cfd
trainingwithoutnerves.com
loaddirecters.com
elocquinn.com
sunnahscents.com
jogobrgames.xyz
skinkissedaesthetics.com
943465722.xyz
jopkrrub.cfd
kavrex.com
sensori.host
sybrstrmtdiyari.com
ourouba22.app
smilebrandsbreacsettlement.com
72um.asia
kenleyeventdesign.com
mandalastudioonline.com
much2more.com
beckettbees.com
wjpeukam.cfd
metaol.xyz
euxlbiip.cfd
mathiseninvesting.com
lastsecondlebanon.com
lmtumvld.cfd
wvbtuher.cfd
chasonreg.com
sebringcleaner.com
dotphysicalirving.com
petaura.store
bnreurtz.cfd
wmdmyzzn.cfd
family-hope.click
1bonusyakala.xyz
rushleggings.com
casadamaemariana.com
pinington.online
sslysot.xyz
contenuduck.space
gdaccv.cfd
xn--franciscoconceio-snb5e.com
kvadqllj.cfd
dbdpzlj.cfd
nanostars-ont.com
dream-home.top
fezfxtel.cfd
xn--80aahvh2beehc.com
yqlhnkku.cfd
servatios.com
thicketcontracting.com
techfiai.com
wsmjhvss.cfd
fanf5.xyz
lolfreerpcodes.com
ejaaq.xyz
betnoelgiris.website
locationgitesaintaignan.com
neiwaizhi.com
hailey-design.com
0tr22f.cfd
casalexina.com
yfhrxvci.cfd
nanhai.site
l1c86.top
Targets
- Target: PRAĆENJE.exe
- Size: 500KB
- MD5: ed28797b223174c35338e9c60d458647
- SHA1: 61421c29e59c86650f90eac70ba0670b04694eb8
- SHA256: bf83191dd578c7d4a1ba6c1b3e951aff4fe1b6b2dc59b8dc534f66ba0b530d47
- SHA512: 6b177c0a1c8793a979237d796ef1b971f74f01b0add120a279bd1540452b328a01ee3647434f850bad99e5a2e53d24639307145711d0d159e87f469319ed463a
- SSDEEP: 12288:sC3+YT7k0PwTrVg0iT0kB8deUeLZ+pH7f0O58oAUjXA:sa+YHL41gh0/qU3+vULA
- Formbook payload
- Adds policy Run key to start application
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext