General
- Target: b79369c7e79099736c882b54a54898237dc1506acef308849e8cfa88277de46d
- Size: 581KB
- Sample: 240507-azeajaae41
- MD5: 8ebd77032131fa4c9a524b48f241f6ce
- SHA1: 0cc05beba021427f9a8b6d3b1395bf820355a820
- SHA256: b79369c7e79099736c882b54a54898237dc1506acef308849e8cfa88277de46d
- SHA512: a3655e41379df08f23a3242bec23464d261e562785d298b2372275c9040d137209ca9cb6a7e863a796aae02f502456e800a701d0d02de5fcae71c4399a7c832f
- SSDEEP: 6144:TBMEPlABQ0OaqtszpR8V2hYHgORzw+A9PVsZWeDkDu+I2h7whAzO0KZfNrH/:T9Aq0OaqO/8VTXsNvkRNBXZfNL/
Static task: static1
Behavioral task: behavioral1
- Sample: b79369c7e79099736c882b54a54898237dc1506acef308849e8cfa88277de46d.exe
- Resource: win7-20240221-en
Malware Config
Extracted:
- Family: formbook
- Version: 3.9
- Campaign: sk
- C2 domains: 65 extracted
Targets
- Target: b79369c7e79099736c882b54a54898237dc1506acef308849e8cfa88277de46d (581KB; hashes as listed under General)
- Detects executables packed with Cassandra/CyaX
- Detects executables packed with ConfuserEx Custom; outside of GIT
- Formbook payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext