General
Target: flWhrV1J6MAi1kS.exe
Size: 345KB
Sample: 201109-ppzpscl12n
MD5: 61a281d6005afdcb7b9f25b16e71bff3
SHA1: a380e614531478c3adf122e78568308e8a46f5c5
SHA256: 9148c87726f97b18e044b9059a608a3b809ae02a795d44c1609bff24232c45ac
SHA512: bc174c366bfefc2acabdaa9b7548a726db82ff408cc145d85d5d7b0400e129d6688aa07928e0dd0a0bdcb9e0598ce86f48c77f7fc2607bdbe440014463eb0f9f
Static task: static1
Behavioral task: behavioral1
Sample: flWhrV1J6MAi1kS.exe
Resource: win7v20201028
Malware Config
Extracted: formbook
Targets
Target: flWhrV1J6MAi1kS.exe (345KB; hashes as listed under General)
- Formbook Payload
- Adds policy Run key to start application
- Deletes itself
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and other sensitive data.
- Suspicious use of SetThreadContext