General
Target: SecuriteInfo.com.Variant.Bulz.229258.13751.2423
Size: 1.1MB
Sample: 201125-vvlb1dqvc6
MD5: 38277d6e24f7210e5b8d77a337ae51d1
SHA1: b31a7b97f75c7f296bef9eb6d5c2a585bf1d802d
SHA256: 9728048925e7faf422c4d7bacfaa90fae8bdcc9efad8a0868b456f3d4b213d09
SHA512: cac75de9024dae4ee011e7957cb410ee8e79550aa37ae184371884a6495e2dd90cc1448a9248dd5ef3e7090288c3cdb5696c99dc433e42a375eaabbf0c9827f7
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Variant.Bulz.229258.13751.2423.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.mommabearmoney.com/et2d/
Targets
Formbook Payload
Suspicious use of SetThreadContext