General
Target: 4b7d1b8ea4216a534fd58d14e57d896be794d15ac910ff2b3c31a9762fdb6923exe_JC.exe (the submitted name is the SHA256 plus a suffix; the original filename is not recorded in this report)
Size: 247KB
Sample: 230803-tnrk9sfd9s
MD5: 23a7dbb59f260aeb1322319c4ba8704c
SHA1: be5ccabda6d58e2a70bd3d5058ff50e59b643835
SHA256: 4b7d1b8ea4216a534fd58d14e57d896be794d15ac910ff2b3c31a9762fdb6923
SHA512: e688d7c24a79869d52824367bb76eec7bb95309c9d8f6cc3797daf316a29e3ab35516c5b14f278a481131098f6dac3df2af42f758610de3460d87be91b3a2e8a
SSDEEP: 6144:Hj+q7O0EqkEDwbp3yH/4cnFn+UeHck0Iw:tVJDwbpif4AFn+U/
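Before relying on any of the findings below, confirm that the file in hand is the one this report describes. The following is an added example, not part of the sandbox report: it hashes a file (or a bytes object) with all four reported algorithms in a single pass and reports which digests disagree with the values above. SSDEEP is deliberately left out, since comparing fuzzy hashes needs the `ssdeep` tool or a binding such as `ppdeep`, neither of which is assumed here.

```python
import hashlib
import sys
from typing import Dict, List, Union

# Digests as reported on this page for the sample.
REPORTED: Dict[str, str] = {
    "md5": "23a7dbb59f260aeb1322319c4ba8704c",
    "sha1": "be5ccabda6d58e2a70bd3d5058ff50e59b643835",
    "sha256": "4b7d1b8ea4216a534fd58d14e57d896be794d15ac910ff2b3c31a9762fdb6923",
    "sha512": "e688d7c24a79869d52824367bb76eec7bb95309c9d8f6cc3797daf316a29e3ab"
              "35516c5b14f278a481131098f6dac3df2af42f758610de3460d87be91b3a2e8a",
}


def compute_digests(source: Union[bytes, str], chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a bytes object or a file path with every algorithm in REPORTED, reading the file once."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    if isinstance(source, bytes):
        for h in hashers.values():
            h.update(source)
    else:
        with open(source, "rb") as f:
            for chunk in iter(lambda: f.read(chunk_size), b""):
                for h in hashers.values():
                    h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(actual: Dict[str, str], expected: Dict[str, str]) -> List[str]:
    """Return the names of digests that do not match (case-insensitive).

    An empty list means every expected digest agrees; a missing algorithm
    in `actual` counts as a mismatch rather than silently passing.
    """
    return sorted(
        name for name, want in expected.items()
        if actual.get(name, "").lower() != want.lower()
    )


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    path = sys.argv[1]
    bad = verify(compute_digests(path), REPORTED)
    print("match: this is the reported sample" if not bad else f"MISMATCH on {', '.join(bad)}")
```

A mismatch on any single digest means the file is not the analysed sample (a different packer build, a truncated download, or a re-wrapped copy), and the behavioural findings below should not be transferred to it.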
Static task: static1
Behavioral task: behavioral1
Sample: 4b7d1b8ea4216a534fd58d14e57d896be794d15ac910ff2b3c31a9762fdb6923exe_JC.exe
Resource: win7-20230712-en (Windows 7, English-language analysis image)
Malware Config
Extracted: formbook
Version: 4.1
Campaign: my26
Decoy/C2 domains (65 entries; a Formbook configuration typically carries 64 decoy domains plus one live C2 so the real server is hidden among them, and several decoys are usually legitimate or parked sites, so treat any single domain below as a low-confidence indicator on its own):
hqe0aw.cfd
kompromat1.life
cruises-62138.bond
servru.fun
019469.com
nelcorgold.com
tscauknf2.com
satset5.shop
kraflex.net
indoxl.city
jcm-54.com
wantedleds.shop
vzuqiiud.cfd
filipe.works
vistservice.online
bjnyfjef.cfd
thegolffund.com
hadyjayapropertindo.com
passionalchemy.com
k9eiow.cfd
getmechanics.live
thepinkbackroom.com
glesan337.xyz
okdclmpb.cfd
tukbzqgz.cfd
ksojffa236.xyz
kbbet540.com
beeouch.com
kaprichosasnails.com
trcorpbd.com
quaisdesigns.com
masterofmasterymerch.com
xffuutkf.cfd
mecruryeng.com
3ggyod.cfd
ey05d9.cfd
renovecred.com
tessasweetcdg.shop
uhxdwsiz.cfd
mexbop.xyz
m8iiep.cfd
50wzbi.cfd
l69gvj.cfd
mx3f9m.cfd
golf-app.site
theretroempire.com
tombrien.com
dannysplaces.com
p250h3.cfd
59zcbu.cfd
shantebattyy.com
ydomjrih.cfd
ceinsacursos.com
bestcustominteriors.com
mtrmuhendislik.com
cbukwza.cfd
xianghe.icu
allanzizu.com
theshowmecouple.com
reconbrute.com
kzkeyctz.cfd
gamechangergift.net
svambxqx.cfd
wkw3vc.cfd
dnozkjxj.cfd
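The domain list above is the most immediately usable artefact in the report, but only if it is applied with the decoy caveat in mind. The block below is an added example, not part of the sandbox report: it loads the 65 extracted domains, matches DNS query names against them (exact or subdomain, so `www.` prefixes and trailing dots are handled without false-matching longer names such as `notthegolffund.com`), and then escalates only hosts that resolved several watchlisted domains, because Formbook cycles through its decoy list and a single lookup of one possibly legitimate decoy proves little. The log line format and the log lines themselves are constructed for the example.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Optional, Set

# The 65 domains from this report's extracted Formbook config.
DECOYS: Set[str] = {
    "hqe0aw.cfd", "kompromat1.life", "cruises-62138.bond", "servru.fun", "019469.com",
    "nelcorgold.com", "tscauknf2.com", "satset5.shop", "kraflex.net", "indoxl.city",
    "jcm-54.com", "wantedleds.shop", "vzuqiiud.cfd", "filipe.works", "vistservice.online",
    "bjnyfjef.cfd", "thegolffund.com", "hadyjayapropertindo.com", "passionalchemy.com", "k9eiow.cfd",
    "getmechanics.live", "thepinkbackroom.com", "glesan337.xyz", "okdclmpb.cfd", "tukbzqgz.cfd",
    "ksojffa236.xyz", "kbbet540.com", "beeouch.com", "kaprichosasnails.com", "trcorpbd.com",
    "quaisdesigns.com", "masterofmasterymerch.com", "xffuutkf.cfd", "mecruryeng.com", "3ggyod.cfd",
    "ey05d9.cfd", "renovecred.com", "tessasweetcdg.shop", "uhxdwsiz.cfd", "mexbop.xyz",
    "m8iiep.cfd", "50wzbi.cfd", "l69gvj.cfd", "mx3f9m.cfd", "golf-app.site",
    "theretroempire.com", "tombrien.com", "dannysplaces.com", "p250h3.cfd", "59zcbu.cfd",
    "shantebattyy.com", "ydomjrih.cfd", "ceinsacursos.com", "bestcustominteriors.com", "mtrmuhendislik.com",
    "cbukwza.cfd", "xianghe.icu", "allanzizu.com", "theshowmecouple.com", "reconbrute.com",
    "kzkeyctz.cfd", "gamechangergift.net", "svambxqx.cfd", "wkw3vc.cfd", "dnozkjxj.cfd",
}


class Hit(NamedTuple):
    ts: str
    client: str
    qname: str
    matched: str


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot that Zeek/BIND-style logs put on FQDNs."""
    return qname.strip().lower().rstrip(".")


def match_watchlist(qname: str, watchlist: Set[str] = DECOYS) -> Optional[str]:
    """Return the watchlist entry that qname equals or is a subdomain of, else None.

    Walks label by label, so www.hqe0aw.cfd matches hqe0aw.cfd while
    notthegolffund.com does not match thegolffund.com (no substring matching).
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def scan_dns_log(lines: Iterable[str], watchlist: Set[str] = DECOYS) -> List[Hit]:
    """Parse constructed 'timestamp client qname qtype' lines and return the matches."""
    hits: List[Hit] = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        ts, client, qname = parts[:3]
        matched = match_watchlist(qname, watchlist)
        if matched:
            hits.append(Hit(ts, client, qname, matched))
    return hits


def flag_hosts(hits: Iterable[Hit], min_distinct: int = 2) -> Dict[str, List[str]]:
    """Clients that resolved at least min_distinct different watchlisted domains.

    Formbook rotates through its decoys, so one host touching several of them
    in a short window is far stronger evidence than one lookup of one decoy.
    """
    seen: Dict[str, Set[str]] = defaultdict(set)
    for h in hits:
        seen[h.client].add(h.matched)
    return {c: sorted(d) for c, d in seen.items() if len(d) >= min_distinct}


# Constructed sample log lines, not taken from the sandbox run.
SAMPLE_LOG = """\
2023-08-03T14:01:12Z 10.0.0.15 www.hqe0aw.cfd A
2023-08-03T14:01:15Z 10.0.0.15 login.microsoftonline.com A
2023-08-03T14:01:40Z 10.0.0.15 www.kompromat1.life A
2023-08-03T14:02:01Z 10.0.0.22 thegolffund.com. A
2023-08-03T14:02:30Z 10.0.0.22 notthegolffund.com A
2023-08-03T14:03:05Z 10.0.0.15 WWW.SERVRU.FUN A
""".splitlines()

HITS = scan_dns_log(SAMPLE_LOG)

if __name__ == "__main__":
    for hit in HITS:
        print(hit)
    print("escalate:", flag_hosts(HITS))
```

In the constructed sample only 10.0.0.15 is escalated; 10.0.0.22 resolved one decoy, which is exactly the case where a block-everything rule would generate a ticket for what may be an innocent site.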
Targets
-
Target: 4b7d1b8ea4216a534fd58d14e57d896be794d15ac910ff2b3c31a9762fdb6923exe_JC.exe (247KB; MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values in the General section above)
Formbook payload
-
Checks QEMU agent file
Checks for the presence of the QEMU guest agent, a common virtualisation/sandbox detection check.
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
NtCreateThreadEx is called with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag (0x4), so the new thread generates no debug events and is invisible to an attached debugger.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
NtSetInformationThread is called with ThreadInformationClass = ThreadHideFromDebugger (0x11) on an existing thread, the classic anti-debugging trick: once set, the debugger stops receiving events for that thread, and a debugger that fails to neutralise it loses visibility.
-
Suspicious use of SetThreadContext
Rewriting another thread's register context is the step shared by process hollowing and thread-hijacking injection. Formbook is widely documented to inject into explorer.exe and a second system process, but this report records only the API use, not the injection target.
-
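The three thread-related signatures above are mechanical enough to reproduce as detection logic over an API trace. The block below is an added example, not the sandbox's own rules and not this sample's actual trace: it parses constructed trace lines of the form `pid api key=value,...` (a format invented for the example), flags NtSetInformationThread with ThreadInformationClass 0x11, NtCreateThreadEx with the hide-from-debugger bit in CreateFlags, and distinguishes a SetThreadContext that follows a write into another process (the hollowing / thread-hijack shape) from a bare context rewrite. The two constants are the documented Windows values; the trace lines are constructed.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Set, Tuple

THREAD_HIDE_FROM_DEBUGGER = 0x11                 # THREADINFOCLASS value for NtSetInformationThread
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4     # CreateFlags bit for NtCreateThreadEx
REMOTE_WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory"}


class Call(NamedTuple):
    pid: int
    api: str
    args: Dict[str, int]   # numeric arguments only; non-numeric values are dropped


def parse_trace(lines: Iterable[str]) -> List[Call]:
    """Parse constructed 'pid api k=v,k=v' trace lines into Call records."""
    calls: List[Call] = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, api, *rest = line.split(None, 2)
        args: Dict[str, int] = {}
        if rest:
            for kv in rest[0].split(","):
                key, _, value = kv.partition("=")
                try:
                    args[key.strip()] = int(value.strip(), 0)   # accepts 0x.. and decimal
                except ValueError:
                    pass
        calls.append(Call(int(pid), api, args))
    return calls


def detect(calls: Iterable[Call]) -> List[Tuple[str, int]]:
    """Return (finding, pid) pairs mirroring the report's three thread signatures."""
    findings: List[Tuple[str, int]] = []
    wrote_remote: Set[int] = set()   # pids that have written into another process
    for c in calls:
        if (c.api == "NtSetInformationThread"
                and c.args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            findings.append(("NtSetInformationThread(ThreadHideFromDebugger)", c.pid))
        elif (c.api == "NtCreateThreadEx"
                and c.args.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER):
            findings.append(("NtCreateThreadEx with HIDE_FROM_DEBUGGER", c.pid))
        elif c.api in REMOTE_WRITE_APIS:
            wrote_remote.add(c.pid)
        elif c.api == "SetThreadContext":
            # Heuristic: a context rewrite after the same pid wrote into another
            # process is the hollowing / thread-hijack shape; the trace format
            # does not tie the thread handle to the process handle, so this is
            # per-pid ordering, not a proven handle relationship.
            if c.pid in wrote_remote:
                findings.append(("SetThreadContext after remote write (injection-like)", c.pid))
            else:
                findings.append(("SetThreadContext without prior remote write", c.pid))
    return findings


# Constructed trace, not the sandbox's record of this sample.
SAMPLE_TRACE = """\
# pid api args
1844 NtSetInformationThread ThreadHandle=0xa8,ThreadInformationClass=0x11,ThreadInformation=0x0,Length=0
1844 NtCreateThreadEx ThreadHandle=0x12f8a4,ProcessHandle=0xffffffff,CreateFlags=0x4
1844 NtCreateThreadEx ThreadHandle=0x12f8a8,ProcessHandle=0xffffffff,CreateFlags=0x0
2204 WriteProcessMemory ProcessHandle=0x1c4,BaseAddress=0x400000,Size=0x2d000
2204 SetThreadContext ThreadHandle=0x1c8
2204 ResumeThread ThreadHandle=0x1c8
3012 SetThreadContext ThreadHandle=0x9c
""".splitlines()

FINDINGS = detect(parse_trace(SAMPLE_TRACE))

if __name__ == "__main__":
    for finding, pid in FINDINGS:
        print(f"pid {pid}: {finding}")
```

The second NtCreateThreadEx line (CreateFlags=0x0) is there to show that only the flag bit, not the API name, triggers the finding; a rule keyed on the name alone would fire on every thread the process creates.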