General
Target: URMĂRIREA DHL.exe
Size: 504KB
Sample: 230711-qext5sac41
MD5: bb1b176981654681cc6321b31d4ec366
SHA1: f4b9868b0cf8290ea7ec2b4e1e91e36d8294571c
SHA256: bf10226e9ddcf64215ca45ede48c6a2d61fbfe2cb3e1cea7f0ebee38e6a3c707
SHA512: 3a5bb06e2995f994d0796456ac8c8fa20bd18e196ac2e4274f988e47b6c321a0fb5fcbe731d2fe698280acd675489902c048c695b2cf3b326f72a019d638eff5
SSDEEP: 12288:sC3+YT7k0PwTrVg0iTnKqvdmVVN62YDJk0cNhKZR:sa+YHL41gh7vdmDN62YDBczy
Static task: static1
Behavioral task: behavioral1
  Sample: URMĂRIREA DHL.exe
  Resource: win7-20230705-en
Behavioral task: behavioral2
  Sample: URMĂRIREA DHL.exe
  Resource: win10v2004-20230703-en
Malware Config (extracted)
Family: formbook
Version: 4.1
Campaign: il09
Domains:
ahy99.com
tmzrygdv.cfd
trainingwithoutnerves.com
loaddirecters.com
elocquinn.com
sunnahscents.com
jogobrgames.xyz
skinkissedaesthetics.com
943465722.xyz
jopkrrub.cfd
kavrex.com
sensori.host
sybrstrmtdiyari.com
ourouba22.app
smilebrandsbreacsettlement.com
72um.asia
kenleyeventdesign.com
mandalastudioonline.com
much2more.com
beckettbees.com
wjpeukam.cfd
metaol.xyz
euxlbiip.cfd
mathiseninvesting.com
lastsecondlebanon.com
lmtumvld.cfd
wvbtuher.cfd
chasonreg.com
sebringcleaner.com
dotphysicalirving.com
petaura.store
bnreurtz.cfd
wmdmyzzn.cfd
family-hope.click
1bonusyakala.xyz
rushleggings.com
casadamaemariana.com
pinington.online
sslysot.xyz
contenuduck.space
gdaccv.cfd
xn--franciscoconceio-snb5e.com
kvadqllj.cfd
dbdpzlj.cfd
nanostars-ont.com
dream-home.top
fezfxtel.cfd
xn--80aahvh2beehc.com
yqlhnkku.cfd
servatios.com
thicketcontracting.com
techfiai.com
wsmjhvss.cfd
fanf5.xyz
lolfreerpcodes.com
ejaaq.xyz
betnoelgiris.website
locationgitesaintaignan.com
neiwaizhi.com
hailey-design.com
0tr22f.cfd
casalexina.com
yfhrxvci.cfd
nanhai.site
l1c86.top
Targets
Target: URMĂRIREA DHL.exe
Size: 504KB
MD5: bb1b176981654681cc6321b31d4ec366
SHA1: f4b9868b0cf8290ea7ec2b4e1e91e36d8294571c
SHA256: bf10226e9ddcf64215ca45ede48c6a2d61fbfe2cb3e1cea7f0ebee38e6a3c707
SHA512: 3a5bb06e2995f994d0796456ac8c8fa20bd18e196ac2e4274f988e47b6c321a0fb5fcbe731d2fe698280acd675489902c048c695b2cf3b326f72a019d638eff5
SSDEEP: 12288:sC3+YT7k0PwTrVg0iTnKqvdmVVN62YDJk0cNhKZR:sa+YHL41gh7vdmDN62YDBczy
Signatures:
- Formbook payload
- Adds policy Run key to start application
- Checks QEMU agent file: checks presence of the QEMU agent, possibly to detect virtualization.
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext