General
-
Target
db69af7fee69d61e4eb0268afb7cd9f8.exe
-
Size
286KB
-
Sample
230711-pwr5jsab2s
-
MD5
db69af7fee69d61e4eb0268afb7cd9f8
-
SHA1
47568ce8cc356ad3858fc25c334e63d7b8742849
-
SHA256
7644456ea433ce8755d64746d7420bcc88df377ac1242657f6428c4a9c51173a
-
SHA512
78e350a54c221b7fabb9780cb6adc70e62a4ef39278a8545795a777a17a84203d2dc689f78531f1118ee6afa875fa52d8fe138cb8b20ac0acfcd28461652b22d
-
SSDEEP
6144:mz2PI+nT0UvWKIAaMBzLpPCyw7QlBRg5cb3k+mKbG/ICLJqZ:BI4xTIJMxLoNiDkhKdCcZ
Static task
static1
Behavioral task
behavioral1
Sample
db69af7fee69d61e4eb0268afb7cd9f8.exe
Resource
win7-20230703-en
Malware Config
Extracted
formbook
4.1
al05
becapmuiu.xyz
wearerp.com
beautychannel.world
kuwiti.com
vex5678.com
pecanbayouwoodworks.com
lrsconcrete.com
emgje.buzz
haorizi.net
tradingbattle.net
growgram.info
zuolide.com
poliedriconsulting.com
persjateng.com
pseudlifelif.com
tgteletg.top
33changing.com
jayagrandcounty.com
thegopigirls.com
c8685.top
cyberkracken.com
8451555.xyz
internationalabn.com
blackbeardbar.com
vetnymtravde.xyz
sevenmilehillsanctuary.com
haah1vjv3ml7yf.xyz
kimberlyquinterorealtor.net
dokumenty-ohrana-77.net
llmnissan439.vip
japanesesake.top
kuoli.xyz
tratamentoseficazes.com
mailkaski.com
alsaudidaily.com
zfjisumk.com
vrijtsnudge.xyz
smallcanberraweddings.com
plaketcad.cfd
lng-i.pro
jaschatfashion.com
synapsereferrals.com
exploringfrontiers.com
uutv201.xyz
ballbocce.com
dihai.net
panemeventsandentertainment.com
newmuny.com
onlinestorageservice.com
cannaglobe.website
minhw.shop
bradcred.com
thwys802.xyz
crictirshs.net
valutazioneimpatto.com
blackoutbundles.com
hnnhf7j4378rq5.xyz
oudfactoryom.com
lazydaisygiftstores.net
firstchoiceassistants.com
wincash88.info
grelion.com
qinyekeji.com
words2watch.com
panzerapish.cfd
Targets
-
-
Target
db69af7fee69d61e4eb0268afb7cd9f8.exe
-
Size
286KB
-
MD5
db69af7fee69d61e4eb0268afb7cd9f8
-
SHA1
47568ce8cc356ad3858fc25c334e63d7b8742849
-
SHA256
7644456ea433ce8755d64746d7420bcc88df377ac1242657f6428c4a9c51173a
-
SHA512
78e350a54c221b7fabb9780cb6adc70e62a4ef39278a8545795a777a17a84203d2dc689f78531f1118ee6afa875fa52d8fe138cb8b20ac0acfcd28461652b22d
-
SSDEEP
6144:mz2PI+nT0UvWKIAaMBzLpPCyw7QlBRg5cb3k+mKbG/ICLJqZ:BI4xTIJMxLoNiDkhKdCcZ
-
Formbook payload
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-