General
Target: STATEMENT OF ACCOUNTS.exe
Size: 464KB
Sample: 201109-yedawseqcs
MD5: bbb834f13790a853aafd0d0adab527f4
SHA1: 8b20c41d9c082642d9d7c858105d224b81f6fdc2
SHA256: c1b2a36d08dfb9bc18d53112299e6cef0c5057885918a4485b8f1b87a20d709a
SHA512: 68303db868b5bf9897e636caf946c5dde5cf28e0590649e1f8e4b0e998eb7c1ea599b87c95f6f7361effcf6fb04737168ed15d9aad95e77acae3dfb619cfe87b
Static task: static1
Behavioral task: behavioral1 (sample STATEMENT OF ACCOUNTS.exe, resource win7v20201028)
Malware Config
Extracted family: formbook
C2 URL: http://www.salomdy.com/nfl/
Domains (a Formbook config mixes the live C2 domain with decoys, and the bot beacons to a random subset of the list, so treat every entry as an indicator of this campaign but do not assume each host is attacker-controlled):
giacamp.net
qb51.party
mashalevine.com
russiasexdating.com
jitangyy.com
morockin.com
karoreiss.com
tractionhero.today
bienvenueenprovence.net
stormharbour.info
61999h.com
tryandcert.com
bestwaytosuccess.com
laobaochang.com
otomatiktente.com
rehpb.info
ivpdqb.info
dc-wv-wv-ie-q.com
goingmagic.com
cimachain.com
northernengage360.com
wastewatertreatment.systems
coinopy.com
shoudami.com
mobilbahis.world
qshkr.com
okccashforhouses.com
mattressesspot.com
fyou168.com
131bb6.com
browserangel.net
transliberte.com
bakir-sulfat.net
rossilawfirmny.com
timothy-kwan.com
sdhtxj.com
affluenttoronto.com
profile-lord.date
77eb0l.faith
worldcup.city
nytimesnews.net
sarahdigiulio.com
343manbet.com
archeryunion.com
bullitshield.com
wzhan.ink
thehamzas.info
fyrwrk.net
klassy-kinks.com
bolttorquechart.com
willingcake.com
mohameddarbal.com
e-chicha.com
healthyperfection.com
steklonti.com
beauxtaylor.com
186524.com
libertybarracks.com
urban-compositions.com
michaeljlee.net
planovafg1.com
merrint.com
416thencomassn.com
xn--2j1b95kqybe0ioxir3sl4c.com
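The hashes and the extracted config above are only useful once they are machine-readable. The following Python script is an added example, not part of the sandbox report and not sandbox tooling: it embeds the report's hash values and config block, parses them, checks an arbitrary file against all four hashes at once, and renders one Suricata DNS rule per domain (including the C2 URL's host). The rule template, the SID range starting at 1000001 and the helper names are assumptions made for this example.

```python
"""Turn the flattened sandbox report on this page into machine-usable indicators.

Added example, not the sandbox's own code: the hash values and the config
block are copied from the report text above; the rule template and SID range
are assumptions made for this example.
"""
import hashlib
import re
import sys
from typing import Dict, List
from urllib.parse import urlsplit

# Hashes copied verbatim from the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "bbb834f13790a853aafd0d0adab527f4",
    "sha1": "8b20c41d9c082642d9d7c858105d224b81f6fdc2",
    "sha256": "c1b2a36d08dfb9bc18d53112299e6cef0c5057885918a4485b8f1b87a20d709a",
    "sha512": "68303db868b5bf9897e636caf946c5dde5cf28e0590649e1f8e4b0e998eb7c1e"
              "a599b87c95f6f7361effcf6fb04737168ed15d9aad95e77acae3dfb619cfe87b",
}

# The "Malware Config / Extracted" block as it appears on the page; the domains
# are written eight per line here, which the whitespace-based parser treats the
# same as the one-per-line layout above.
REPORT_CONFIG = """
Malware Config
Extracted
formbook
http://www.salomdy.com/nfl/
giacamp.net qb51.party mashalevine.com russiasexdating.com jitangyy.com morockin.com karoreiss.com tractionhero.today
bienvenueenprovence.net stormharbour.info 61999h.com tryandcert.com bestwaytosuccess.com laobaochang.com otomatiktente.com rehpb.info
ivpdqb.info dc-wv-wv-ie-q.com goingmagic.com cimachain.com northernengage360.com wastewatertreatment.systems coinopy.com shoudami.com
mobilbahis.world qshkr.com okccashforhouses.com mattressesspot.com fyou168.com 131bb6.com browserangel.net transliberte.com
bakir-sulfat.net rossilawfirmny.com timothy-kwan.com sdhtxj.com affluenttoronto.com profile-lord.date 77eb0l.faith worldcup.city
nytimesnews.net sarahdigiulio.com 343manbet.com archeryunion.com bullitshield.com wzhan.ink thehamzas.info fyrwrk.net
klassy-kinks.com bolttorquechart.com willingcake.com mohameddarbal.com e-chicha.com healthyperfection.com steklonti.com beauxtaylor.com
186524.com libertybarracks.com urban-compositions.com michaeljlee.net planovafg1.com merrint.com 416thencomassn.com xn--2j1b95kqybe0ioxir3sl4c.com
"""

# Loose hostname shape: labels of letters, digits and hyphens, at least one dot.
DOMAIN_RE = re.compile(r"^[a-z0-9][a-z0-9-]*(?:\.[a-z0-9][a-z0-9-]*)+$", re.I)


def parse_config(text: str) -> Dict[str, object]:
    """Split the flattened config block into family, C2 URL(s) and domain list."""
    tokens = text.split()
    family = None
    c2_urls: List[str] = []
    domains: List[str] = []
    for i, tok in enumerate(tokens):
        low = tok.lower()
        if low == "extracted" and i + 1 < len(tokens):
            family = tokens[i + 1].lower()      # the token after "Extracted" names the family
        elif low.startswith(("http://", "https://")):
            c2_urls.append(tok)
        elif DOMAIN_RE.match(tok):
            domains.append(low)
    return {"family": family, "c2_urls": c2_urls, "domains": domains}


def indicator_domains(cfg: Dict[str, object]) -> List[str]:
    """Domain list plus the host of each C2 URL, de-duplicated and sorted."""
    hosts = set(cfg["domains"])
    for url in cfg["c2_urls"]:
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.lower())
    return sorted(hosts)


def compute_digests(data: bytes) -> Dict[str, str]:
    """All four report algorithms over an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same as compute_digests but streamed from disk, so large files are fine."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: Dict[str, str]) -> bool:
    """True only when every algorithm agrees; a partial match is a typo or a collision, not this sample."""
    return all(digests.get(name, "").lower() == value for name, value in REPORT_HASHES.items())


def suricata_dns_rules(domains: List[str], sid_start: int = 1000001, family: str = "formbook") -> List[str]:
    """One Suricata 5+ DNS-query rule per domain (assumed template; adjust msg/classtype to local policy)."""
    return [
        f'alert dns $HOME_NET any -> any any (msg:"{family} config domain {dom}"; '
        f'dns.query; content:"{dom}"; nocase; endswith; '
        f"classtype:trojan-activity; sid:{sid_start + n}; rev:1;)"
        for n, dom in enumerate(domains)
    ]


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(f"family={cfg['family']} c2={cfg['c2_urls']} domains={len(cfg['domains'])}")
    for rule in suricata_dns_rules(indicator_domains(cfg))[:3]:
        print(rule)
    if len(sys.argv) > 1:                       # optional: path of a file to check against the report
        print("matches report:", matches_report(digest_file(sys.argv[1])))
```

matches_report insists on all four digests agreeing; if a file matches only MD5 or SHA1, that is a sign of a typo in the copied hash or of a deliberate collision, not of this sample.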
Targets
Target: STATEMENT OF ACCOUNTS.exe (464KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- Formbook Payload: the Formbook infostealer was identified in this sample.
- Deletes itself: the dropper removes its own executable after launch, a common anti-forensic step.
- Reads user/profile data of web browsers: infostealers target stored browser data, which can include saved credentials, cookies and autofill entries.
- Adds Run key to start application: persistence through a Run registry value, so the payload is relaunched at the next logon.
- Suspicious use of SetThreadContext: this API rewrites a thread's register state; calling it on a thread in another process after writing to that process's memory is the hallmark of process hollowing and similar injection, and the likely route by which the payload left the dropper.
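The signatures above are behavioural, so they come from API-call monitoring rather than from the file itself. As an added example, not the sandbox's own rules and not code from the report, the script below rewrites four of them as simple rules and runs them over a constructed API trace. The trace format (pid, API name, argument dict), the process IDs, paths and command lines, and the rule logic are all assumptions made for this example.

```python
"""Reproduce four of the report's behavioural signatures from an API-call trace.

Added example, not the sandbox's detection code. The trace below is
constructed for this example; its shape (pid, api, args) is an assumption.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Call:
    pid: int                 # process that made the call
    api: str                 # Win32 API name
    args: Dict[str, object]  # the arguments a monitor would record


# Constructed data: the dropper runs as pid 1000 and hollows explorer.exe (pid 2000).
SELF_PATH = r"C:\Users\u\STATEMENT OF ACCOUNTS.exe"
PROCESS_IMAGES = {1000: SELF_PATH, 2000: r"C:\Windows\explorer.exe"}
TRACE: List[Call] = [
    Call(1000, "CreateProcessW", {"image": r"C:\Windows\explorer.exe", "flags": 0x4, "new_pid": 2000}),  # CREATE_SUSPENDED
    Call(1000, "WriteProcessMemory", {"target_pid": 2000, "size": 0x1E000}),
    Call(1000, "SetThreadContext", {"target_pid": 2000, "tid": 2001}),
    Call(1000, "ResumeThread", {"target_pid": 2000, "tid": 2001}),
    Call(2000, "CreateFileW", {"path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"}),
    Call(2000, "CreateFileW", {"path": r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default\logins.json"}),
    Call(2000, "RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                                  "value": "Updater", "data": r"C:\Users\u\AppData\Roaming\svc\updater.exe"}),
    Call(1000, "CreateProcessW", {"image": r"C:\Windows\System32\cmd.exe", "cmdline": f'cmd /c del "{SELF_PATH}"'}),
]

# Path fragments (lower-case) that identify browser profile stores.
BROWSER_PROFILE_MARKERS = (r"\google\chrome\user data", r"\mozilla\firefox\profiles", r"\microsoft\edge\user data")


def evaluate(trace: List[Call], images: Dict[int, str]) -> Dict[str, Set[int]]:
    """Return {signature name: set of pids that triggered it} for the four rules."""
    hits: Dict[str, Set[int]] = {}

    def hit(name: str, pid: int) -> None:
        hits.setdefault(name, set()).add(pid)

    written: Set[Tuple[int, object]] = set()   # (writer pid, target pid) pairs seen so far
    for c in trace:
        if c.api.startswith("RegSetValueEx"):
            key = str(c.args.get("key", "")).lower()
            if key.endswith(r"\currentversion\run") or key.endswith(r"\currentversion\runonce"):
                hit("Adds Run key to start application", c.pid)
        elif c.api.startswith("CreateFile"):
            path = str(c.args.get("path", "")).lower()
            if any(marker in path for marker in BROWSER_PROFILE_MARKERS):
                hit("Reads user/profile data of web browsers", c.pid)
        elif c.api == "WriteProcessMemory":
            written.add((c.pid, c.args.get("target_pid")))
        elif c.api == "SetThreadContext":
            # Only cross-process use after a write into that process is suspicious;
            # debuggers and runtimes call it on their own threads legitimately.
            target = c.args.get("target_pid")
            if target != c.pid and (c.pid, target) in written:
                hit("Suspicious use of SetThreadContext", c.pid)
        elif c.api.startswith("CreateProcess"):
            cmd = str(c.args.get("cmdline", "")).lower()
            own = images.get(c.pid, "").lower()
            if own and own in cmd and re.search(r"\bdel\b", cmd):
                hit("Deletes itself", c.pid)
    return hits


if __name__ == "__main__":
    for name, pids in sorted(evaluate(TRACE, PROCESS_IMAGES).items()):
        print(f"{name}: pids {sorted(pids)}")
```

Note that the Run key and browser reads are attributed to pid 2000, the hollowed explorer.exe, while the injection and the self-delete belong to the dropper; a sandbox report that lists signatures per target, as this one does, folds both into the same entry.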