General
-
Target
61b73554fb05d79c58046660462acda8.exe
-
Size
819KB
-
Sample
210111-6cpf5ehn8a
-
MD5
61b73554fb05d79c58046660462acda8
-
SHA1
a5972374dc0e9377e6b1badeed0a4235d3f43ab0
-
SHA256
d28c56accd73a0c2d4c5a62a288ae12af64ee719ac6060ef2c7ea9be3c5d400f
-
SHA512
6b5f69f1d8acaebbc93c98f8364bd15028031ebe3e41d8d1372b00b1647320af9718b4a4c9a632423e1387d7299d52e30c2657b0b617be53953675bbdf0247ad
Static task
static1
Behavioral task
behavioral1
Sample
61b73554fb05d79c58046660462acda8.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.herbmedia.net/csv8/
slgacha.com
oohdough.com
6983ylc.com
aykassociate.com
latin-hotspot.com
starrockindia.com
beamsubway.com
queensboutique1000.com
madbaddie.com
bhoomimart.com
ankitparivar.com
aldanasanchezmx.com
citest1597669833.com
cristianofreitas.com
myplantus.com
counterfeitmilk.com
8xf39.com
pregnantwomens.com
yyyut6.com
stnanguo.com
fessusesefsee.com
logansshop.net
familydalmatianhomes.com
accessible.legal
epicmassiveconcepts.com
indianfactopedia.com
exit-divorce.com
colliapse.com
nosishop.com
hayat-aljowaily.com
soundon.events
previnacovid19-br.com
traptlongview.com
splendidhotelspa.com
masterzushop.com
ednevents.com
studentdividers.com
treningi-enduro.com
hostingcoaster.com
gourmetgroceriesfast.com
thesouthbeachlife.com
teemergin.com
fixmygearfast.com
arb-invest.com
shemaledreamz.com
1819apparel.com
thedigitalsatyam.com
alparmuhendislik.com
distinctmusicproductions.com
procreditexpert.com
insights4innovation.com
jzbtl.com
1033325.com
sorteocamper.info
scheherazadelegault.com
glowportraiture.com
cleitstaapps.com
globepublishers.com
stattests.com
brainandbodystrengthcoach.com
magenx2.info
escaparati.com
wood-decor24.com
travelnetafrica.com
Targets
-
-
Target
61b73554fb05d79c58046660462acda8.exe
-
Size
819KB
-
MD5
61b73554fb05d79c58046660462acda8
-
SHA1
a5972374dc0e9377e6b1badeed0a4235d3f43ab0
-
SHA256
d28c56accd73a0c2d4c5a62a288ae12af64ee719ac6060ef2c7ea9be3c5d400f
-
SHA512
6b5f69f1d8acaebbc93c98f8364bd15028031ebe3e41d8d1372b00b1647320af9718b4a4c9a632423e1387d7299d52e30c2657b0b617be53953675bbdf0247ad
-
Xloader Payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-