General
Target: Shipment Document BLINV And Packing List Attached.exe
Size: 747KB
Sample: 201125-dzhtwvd1he
MD5: 7256f55e3799e137d508dd414840f875
SHA1: a44d83cd22588ae93e01a66fc10f07e59de2ae56
SHA256: 1878871ffe22529eff69bc07e62350532cbd2a830874bc090c9c72c2b8742a24
SHA512: cb44f68b999157bfcb01712caf261d887e5f09b86a8bd810d23871d594f67ce1130f26455707e197785945115f01ec37f448c5923010b52555e34e4f97e3f3f6
Static task: static1
Behavioral task: behavioral1
Sample: Shipment Document BLINV And Packing List Attached.exe
Resource: win7v20201028
Malware Config
Extracted
formbook
http://www.pamforprogress.com/bg8v/
Targets
Target: Shipment Document BLINV And Packing List Attached.exe
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext