General
Target: HSBC payment swift copy.exe
Size: 939KB
Sample: 210111-45vrw5wjen
MD5: a4157360da26197715f33249273aca5b
SHA1: 1d7c9da78fccf8becc3dd7585f2a6a6882bc561f
SHA256: 94ff08030a3e4421baf3ad3489d4d757dd4e8aab659aa8a06f99d2d81526d17e
SHA512: bc50504e9df77d05771a15d0667e26e7984487c44a9de30252ec49cd5299637246c16ebe51a00c8478860997b4b7b0c593017f9f6a25dfc0d26fc8053973f4e7
Static task: static1
Behavioral task: behavioral1
Sample: HSBC payment swift copy.exe
Resource: win7v20201028
Malware Config
Extracted family: formbook
Targets
Target: HSBC payment swift copy.exe
Size: 939KB
Signatures:
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext