General

Target: SMT20200616.exe
Size: 311KB
Sample: 201211-ewzkbf632s
MD5: 9eda8430e6bf0bab3f1e7134b584cd1b
SHA1: 03b3d3d673686f0bd4316bd99c0a135e6e3250ba
SHA256: 1c22bad3a6eb408ec1f4d6ef50b04e2294a77979abc411f9dbb752e2b495345b
SHA512: 6ad03fb677542c246814976b473d033c743d0cee598139f96cd91e1c0fb958bc0dba5ad712b9fc61c72df09fcdf1b762ef0ae77f5692d6b7f1252935eb40cf78
Static task: static1
Behavioral task: behavioral1
  Sample: SMT20200616.exe
  Resource: win7v20201028
Malware Config

Extracted: formbook
http://www.sudelt.com/rk3/
cedarridgerussellterriers.com
zamperl-couture.com
8minutesprofitlink.com
yuyinyue.net
castleminerforum.com
habbodm.biz
tektlc.life
strive2thriveglobal.com
richen8.com
ettlingen.digital
clairegoals.com
clearptsd.biz
wxqingtai.com
matttoken.com
macopride.com
hudong.ltd
wirelessantalya.com
connectlibrary.com
ourtime.site
vitalitymax.life
com-accounts-updates.com
himalayanartcn.com
kreationmedia.com
shtaoren.com
btyeml.download
fujitasetsubi.com
saleshop.download
glutenfreeforme.biz
lefthandchurch.com
bestjnj.com
xn--vcsr9nkv1blui.net
topl2jservers.com
gmc.finance
bfcyjt.com
thegecko.online
m299999.com
kastanet1.com
avslzdcwqu777.com
moccasincreek.technology
wanderingstarstories.com
hiduphalal.com
fantastichentai.com
ekai-neuropsicologia.com
docdomy.com
getridofchronicfatigue.info
newreceiptrecent.com
capemaykungfu.com
sluttycamwhores.com
egeizreklam.com
southernwineoneline.com
077c9.com
xdobx.biz
stefhairbeauty.com
yagestore.com
ferratumbrazil.com
nevillepaterson.com
empireeliteshowcase.com
nenlamgi.com
shunfengtc.com
hannahlarae.com
digitalstartupbrands.com
fideruleltd.com
pinwx.com
marylburkhardt.com
Targets

Target: SMT20200616.exe
Size: 311KB
MD5: 9eda8430e6bf0bab3f1e7134b584cd1b
SHA1: 03b3d3d673686f0bd4316bd99c0a135e6e3250ba
SHA256: 1c22bad3a6eb408ec1f4d6ef50b04e2294a77979abc411f9dbb752e2b495345b
SHA512: 6ad03fb677542c246814976b473d033c743d0cee598139f96cd91e1c0fb958bc0dba5ad712b9fc61c72df09fcdf1b762ef0ae77f5692d6b7f1252935eb40cf78

- Formbook Payload
- Adds policy Run key to start application
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext