General
- Target: dcdc2daa329872dc0422e072cec3f9ee
- Size: 1.2MB
- Sample: 240325-bev8zsef7z
- MD5: dcdc2daa329872dc0422e072cec3f9ee
- SHA1: 66d92810a4a8da899c23bd64e450f51af5278855
- SHA256: ea6c12846995551174c7587c92455d7f8b90e8992ca9cc80dbeb522dcec5f66d
- SHA512: 7e98ddadd7e99866e167dba1911b0def6a57d59f5825ac0d1d3e8108b7f3c9e0dd3d43e3dbddc4c774cfcadf970c3f0770736878d12e5bae6d231737f42ef23f
- SSDEEP: 24576:gYJSCmi+OsBgo0q4wMr1/7l+4Ke4j720546:gaHoHMrVlRmy0J

Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: dcdc2daa329872dc0422e072cec3f9ee.exe
- Resource: win7-20240221-en
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: iesm
- Domains:
terracounselling.com
gmartindiastores.com
themekinhdoanh.com
chemluan.com
volvordposts.com
poyef.com
flyraven.com
tulord.com
landoflostarchitects.com
jdemong.com
tiendadecabello.online
adjimmobiliere.com
ssga-sia.com
senegalo-britanique.com
simplyhealthcareplsns.com
danishbay.com
melanieandisrael.com
idgrafo.com
forex160.com
ekohectaresandvilla.com
buyyoursuzuki.com
somersetfairfield.com
schekerland.com
paye-me.com
b5533.com
tentsourceusa.com
thefordcapri.com
carolynluttrell.com
autoselections.com
rentmyflowersplus.com
milayapi.net
1fitinc.com
ck-gran.site
kiananthony.com
golpasz.com
challengeakseptedyogee.xyz
changfu888.com
cngj815.com
futoga.com
montereycannabisclub.com
app-disc-mobile.com
liconadesigns.com
funsolitaireking.com
classicyachtspoom.com
msrawyh.com
mangounicorn.com
tyigh.com
ijiayong.com
skill2020.net
tubekittysex.net
kootermgt.com
visionsofhomedesign.com
pinkdogink.com
resmipkv.com
gabiortiz2023.com
eaforexbank.space
zyzxcn.com
sweetlystudio.com
panigrohon.com
jmbcfmoto.com
juxrams.info
kia.expert
obigkart.com
touchpaddles.com
htmlemailrepair.com
Targets
- Target: dcdc2daa329872dc0422e072cec3f9ee
Signatures
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Formbook payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext