General
- Target: 4fa301c6f5c6013be9d3b136ef6fbb96.exe
- Size: 1.7MB
- Sample: 231126-kljm7sfh75
- MD5: 4fa301c6f5c6013be9d3b136ef6fbb96
- SHA1: 1e1e6227b2bc7426b168a492c4b8d202478be1a4
- SHA256: e5590f3ca36c707f3cec8c6fdfecfa949233708dae9b8d11f020906b8058bffa
- SHA512: 797b816d9163ad032caafcaed0ec43f8c7f3e4689ca61ea71776ff1bc1a5d08aacf671fbb07cdd2be9e10736c2d3a7253763156cb2d91c107d8916e3f758bfc1
- SSDEEP: 49152:bZAtX8IxTqh0eJa3DZEe9sRuCVCW4lMyqChsQ:bZmXX8Za31CuCc5MXC+Q
Static task
- static1
Behavioral task
- behavioral1: Sample 4fa301c6f5c6013be9d3b136ef6fbb96.exe, Resource win7-20231020-en
Behavioral task
- behavioral2: Sample 4fa301c6f5c6013be9d3b136ef6fbb96.exe, Resource win10v2004-20231020-en
Malware Config
Extracted
formbook
4.1
6nrs
Targets
- Target: 4fa301c6f5c6013be9d3b136ef6fbb96.exe
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Formbook payload
- ModiLoader Second Stage
- Adds Run key to start application
- Suspicious use of SetThreadContext