General
- Target: Ylvjcujvcjtsqv.exe
- Size: 2.8MB
- Sample: 231203-ty9jtsch75
- MD5: 9036abae6529a51f5d50825d88dc95a4
- SHA1: 5c10c6dc6146db9f545dd1e8fbac70fe2c333a8a
- SHA256: 1117ea5185a8c16dbc9af96cbb580f5ac55a5f4bc0963e149c83a6c9c35dba7a
- SHA512: d9a9ce7096cc24985e8f2731e67e57abf7f24ea5213051b15a7951731db263f7a741b955fa672157c46d9e69ef5df614148b95ffbff246f7999df610be854c47
- SSDEEP: 49152:Xm/PpH8yc0/wU2lpe63ZrxKrVEbRIqiPt41uFehg1mQzZ:XOpcyV/wjpdZrxEVEtI14wqnY
Static task: static1
Behavioral task: behavioral1
- Sample: Ylvjcujvcjtsqv.exe
- Resource: win7-20231130-en
Behavioral task: behavioral2
- Sample: Ylvjcujvcjtsqv.exe
- Resource: win10v2004-20231127-en
Malware Config
Extracted
formbook
4.1
ao65
Targets
- Target: Ylvjcujvcjtsqv.exe
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Formbook payload
- ModiLoader Second Stage
- Adds Run key to start application
- Suspicious use of SetThreadContext