General
Static task
static1
URLScan task
urlscan1
Sample
https://wetransfer.com/downloads/e8b7c889fe2949f2a2df1d6ac42ffc3a20210111122729/f07c52
Malware Config
Extracted
formbook
http://www.deejayatl.com/khm/
Targets
Target
https://wetransfer.com/downloads/e8b7c889fe2949f2a2df1d6ac42ffc3a20210111122729/f07c52
Formbook Payload
Suspicious use of SetThreadContext