General
-
Target
PT300975-inv.exe
-
Size
546KB
-
Sample
201126-xfscpr8hq2
-
MD5
025544a9014cf1667e8a1d4ff68da253
-
SHA1
0123853e7960cdae4f3ad95945b4ec86adbb93c6
-
SHA256
2858bfcb9388b05049df45459ee60bf96be0b0d75a3be34cf3c00f57ec9f4469
-
SHA512
a22db404c3a154339b3cd6d4a4227f319f6cb99d103346856ffd6fd249fe08bace4f528f185edc25c0672ae03b2e14c87b31b0b2d0728372c5893821b5a43068
Static task
static1
Behavioral task
behavioral1
Sample
PT300975-inv.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.registeredagentfirm.com/jqc/
strahlenschutz.digital
soterppe.com
wlw-hnlt.com
topheadlinetowitness-today.info
droriginals.com
baculatechie.online
definity.finance
weddingmustgoon.com
ludisenofloral.com
kenniscourtureconsignments.com
dl888.net
singledynamics.com
internetmarkaching.com
solidconstruct.site
ip-freight.com
11sxsx.com
incomecontent.com
the343radio.com
kimberlygoedhart.net
dgdoughnuts.net
vivethk.com
st-reet.com
luxusgrotte.com
hareland.info
fitdramas.com
shakahats.com
cositasdepachecos.com
lhc965.com
5hnjy.com
zoommedicaremeetings.com
bebywye.site
ravenlewis.com
avia-sales.xyz
screwtaped.com
xaustock.com
hongreng.xyz
lokalised.com
neosolutionsllc.com
ecandkllc.com
sistertravelalliance.com
brotherhoodoffathers.com
mybestme.store
vigilantdis.com
sqatzx.com
kornteengoods.com
miamiwaterworld.com
mywillandmylife.com
novergi.com
eaglesnestpropheticministry.com
sterlworldshop.com
gabriellagullberg.com
toweroflifeinc.com
tiendazoom.com
dividupe.com
szyulics.com
theorangepearl.com
hotvidzhub.download
asacal.com
systemedalarmebe.com
margosbest.com
kathymusic.com
quintred.com
mad54.art
simplification.business
Targets
-
-
Target
PT300975-inv.exe
-
Size
546KB
-
MD5
025544a9014cf1667e8a1d4ff68da253
-
SHA1
0123853e7960cdae4f3ad95945b4ec86adbb93c6
-
SHA256
2858bfcb9388b05049df45459ee60bf96be0b0d75a3be34cf3c00f57ec9f4469
-
SHA512
a22db404c3a154339b3cd6d4a4227f319f6cb99d103346856ffd6fd249fe08bace4f528f185edc25c0672ae03b2e14c87b31b0b2d0728372c5893821b5a43068
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Formbook Payload
-
Suspicious use of SetThreadContext
-