General

Target: 5dca93e324db82758adb6519abd65e2712bb69c267730bda6d6bf9646544a947
Size: 294KB
Sample: 230804-nslypabg8v
MD5: 1aca72529f3d7a9bd5378b72c40ba060
SHA1: 1e7ca79aff89651999b9df07be8f40ab86291867
SHA256: 5dca93e324db82758adb6519abd65e2712bb69c267730bda6d6bf9646544a947
SHA512: 16538a3fbbd3e113ebbd1049c692fa458cbfaaebcb1a02b07f29b236c8e37d053236919cf9d2562171b1075b3c6edb76723a57890fe8beef8b8dc28a06834b77
SSDEEP: 6144:ajC8w75wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww5w5wwwwwwl:z8w75wwwwwwwwwwwwwwwwwwwwwwwwwwd
Static task: static1
Behavioral task: behavioral1
Sample: 5dca93e324db82758adb6519abd65e2712bb69c267730bda6d6bf9646544a947.exe
Resource (analysis VM image): win7-20230712-en
Malware Config

Extracted family: formbook
Version: 4.1
Campaign: my26
Domains (65 entries; Formbook pads its real command-and-control host with decoy domains, and the extractor does not mark which entry is real, so treat the whole list as indicators and expect many of them to be unrelated or legitimate sites):
hqe0aw.cfd
kompromat1.life
cruises-62138.bond
servru.fun
019469.com
nelcorgold.com
tscauknf2.com
satset5.shop
kraflex.net
indoxl.city
jcm-54.com
wantedleds.shop
vzuqiiud.cfd
filipe.works
vistservice.online
bjnyfjef.cfd
thegolffund.com
hadyjayapropertindo.com
passionalchemy.com
k9eiow.cfd
getmechanics.live
thepinkbackroom.com
glesan337.xyz
okdclmpb.cfd
tukbzqgz.cfd
ksojffa236.xyz
kbbet540.com
beeouch.com
kaprichosasnails.com
trcorpbd.com
quaisdesigns.com
masterofmasterymerch.com
xffuutkf.cfd
mecruryeng.com
3ggyod.cfd
ey05d9.cfd
renovecred.com
tessasweetcdg.shop
uhxdwsiz.cfd
mexbop.xyz
m8iiep.cfd
50wzbi.cfd
l69gvj.cfd
mx3f9m.cfd
golf-app.site
theretroempire.com
tombrien.com
dannysplaces.com
p250h3.cfd
59zcbu.cfd
shantebattyy.com
ydomjrih.cfd
ceinsacursos.com
bestcustominteriors.com
mtrmuhendislik.com
cbukwza.cfd
xianghe.icu
allanzizu.com
theshowmecouple.com
reconbrute.com
kzkeyctz.cfd
gamechangergift.net
svambxqx.cfd
wkw3vc.cfd
dnozkjxj.cfd
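The extracted domain list is only useful once it is turned into something that runs against traffic. The following is an added example (not part of the sandbox report or of any extractor) that takes the domains above as-is, matches them against DNS query logs on label boundaries (so a lookalike such as xhqe0aw.cfd does not match hqe0aw.cfd), and emits Suricata DNS rules. The log line format, the sample log lines and the SID range 9000001+ are constructed for the example.

```python
"""Turn the Formbook domain list extracted above into network detections.

Added example, not part of the sandbox report. The domain list is copied from
the report's extracted config; the DNS log format, the sample log lines and
the Suricata SID range are constructed for this example.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# The 65 hosts from the extracted config, in the order the report lists them.
# Formbook mixes its real C2 with decoy domains and the extractor does not mark
# which entry is real, so every entry is treated as an indicator.
FORMBOOK_DOMAINS = """
hqe0aw.cfd kompromat1.life cruises-62138.bond servru.fun 019469.com
nelcorgold.com tscauknf2.com satset5.shop kraflex.net indoxl.city jcm-54.com
wantedleds.shop vzuqiiud.cfd filipe.works vistservice.online bjnyfjef.cfd
thegolffund.com hadyjayapropertindo.com passionalchemy.com k9eiow.cfd
getmechanics.live thepinkbackroom.com glesan337.xyz okdclmpb.cfd tukbzqgz.cfd
ksojffa236.xyz kbbet540.com beeouch.com kaprichosasnails.com trcorpbd.com
quaisdesigns.com masterofmasterymerch.com xffuutkf.cfd mecruryeng.com 3ggyod.cfd
ey05d9.cfd renovecred.com tessasweetcdg.shop uhxdwsiz.cfd mexbop.xyz m8iiep.cfd
50wzbi.cfd l69gvj.cfd mx3f9m.cfd golf-app.site theretroempire.com tombrien.com
dannysplaces.com p250h3.cfd 59zcbu.cfd shantebattyy.com ydomjrih.cfd
ceinsacursos.com bestcustominteriors.com mtrmuhendislik.com cbukwza.cfd
xianghe.icu allanzizu.com theshowmecouple.com reconbrute.com kzkeyctz.cfd
gamechangergift.net svambxqx.cfd wkw3vc.cfd dnozkjxj.cfd
""".split()


def normalize(name: str) -> str:
    """Lower-case a DNS name and drop the trailing dot some resolvers log."""
    return name.strip().lower().rstrip(".")


def matches_indicator(qname: str, domains: Iterable[str]) -> Optional[str]:
    """Return the indicator that qname equals or is a subdomain of, else None.

    Suffix matching is done on a label boundary ('.' + domain), so a lookalike
    such as 'xhqe0aw.cfd' does not match the indicator 'hqe0aw.cfd'.
    """
    q = normalize(qname)
    for d in domains:
        d = normalize(d)
        if q == d or q.endswith("." + d):
            return d
    return None


def suricata_rules(domains: Iterable[str], sid_start: int = 9000001) -> List[str]:
    """Emit one Suricata DNS-query rule per indicator (SID range is an assumption).

    'endswith' on the dns.query buffer also fires on subdomains; unlike the
    Python matcher it does not enforce a label boundary.
    """
    rules = []
    for sid, d in enumerate(domains, start=sid_start):
        d = normalize(d)
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"Formbook config domain {d}"; '
            f'dns.query; content:"{d}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        )
    return rules


@dataclass(frozen=True)
class DnsHit:
    timestamp: str
    client: str
    qname: str
    indicator: str


def scan_dns_log(lines: Iterable[str], domains: Iterable[str] = FORMBOOK_DOMAINS) -> List[DnsHit]:
    """Scan 'timestamp client qtype qname' lines (constructed format) for
    queries to any Formbook domain or a subdomain of one."""
    domains = list(domains)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing on them
        ts, client, _qtype, qname = parts
        ind = matches_indicator(qname, domains)
        if ind is not None:
            hits.append(DnsHit(ts, client, normalize(qname), ind))
    return hits


# Constructed resolver log for the example; not taken from the report.
SAMPLE_DNS_LOG = [
    "2023-08-04T13:02:11Z 10.0.0.15 A www.hqe0aw.cfd.",
    "2023-08-04T13:02:12Z 10.0.0.15 A www.microsoft.com",
    "2023-08-04T13:02:13Z 10.0.0.15 A xhqe0aw.cfd",
    "2023-08-04T13:02:14Z 10.0.0.22 A KOMPROMAT1.LIFE",
    "garbage line",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{hit.timestamp} {hit.client} queried {hit.qname} -> {hit.indicator}")
    print("\n".join(suricata_rules(FORMBOOK_DOMAINS)[:3]))
```

Because only one of the 65 entries is expected to be the live C2, a single DNS hit on one of the decoy domains is weak evidence on its own; a host querying several of them in a short window, which is how Formbook generates its cover traffic, is the stronger signal to alert on.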
Targets

Target: 5dca93e324db82758adb6519abd65e2712bb69c267730bda6d6bf9646544a947
Size: 294KB
MD5: 1aca72529f3d7a9bd5378b72c40ba060
SHA1: 1e7ca79aff89651999b9df07be8f40ab86291867
SHA256: 5dca93e324db82758adb6519abd65e2712bb69c267730bda6d6bf9646544a947
SHA512: 16538a3fbbd3e113ebbd1049c692fa458cbfaaebcb1a02b07f29b236c8e37d053236919cf9d2562171b1075b3c6edb76723a57890fe8beef8b8dc28a06834b77
SSDEEP: 6144:ajC8w75wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww5w5wwwwwwl:z8w75wwwwwwwwwwwwwwwwwwwwwwwwwwd

Signatures

Formbook payload: the Formbook information stealer was identified in the sample.
Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
Loads dropped DLL: loads a DLL that the sample itself wrote to disk during execution.
Suspicious use of NtCreateThreadExHideFromDebugger: creates a thread with the hide-from-debugger flag, so an attached debugger receives no events from that thread (anti-debugging).
Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger information class on an existing thread, with the same anti-debugging effect.
Suspicious use of SetThreadContext: rewrites another thread's register state, a step commonly seen in process injection.