General
-
Target
SCAN_20210112140930669.exe
-
Size
837KB
-
Sample
210112-h6wx49xpw6
-
MD5
0d7f35bd5d0a8f5e0b52db592ab5509c
-
SHA1
5300466a9a3ca11e3f90785ed8a13115e200def6
-
SHA256
f49e50532a7e5d312f8429c41e28848461651f671139a7590b64d9df029db998
-
SHA512
978f2d13f77d724a780fe33a5740b1735d95b03dae0e6a273cbf1101d13c8e3c7981b219433975ff42db7f97488b1868aa990d660713f702568e411ffc9b00f3
Static task
static1
Behavioral task
behavioral1
Sample
SCAN_20210112140930669.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.midnightblueinc.com/2kf/
edmondscakes.com
doublewldr.online
tickets2usa.com
heyhxry.com
weightloss-gulfport.com
prosselius.com
newviewroofers.com
jacksonarearealestate.com
catparkas.xyz
pagos2020.com
sonwsefjrahi.online
franchisethings.com
nuocvietngaynay.com
sohelvai.com
mikeyroush.com
lamesaroofing.com
betbigo138.com
amazon-service-recovery.com
clockin.net
riostrader.com
novergi.com
bounethone.online
unsaluted-muckworm.info
qmglg.com
trans-chna.com
bloom-cottage.info
espacioholista.com
vitrines72.com
vtnywveb.club
shelfdryrock.com
lowcountrykindermusik.com
brendolangiovanni.com
samilisback.com
coffeeofmyheart.com
moderndetailist.com
royalparkhotelandsuites.com
camsick.com
khoetuthiennhien.com
link-glue.com
zzirk.com
alyxthorne.com
tristateinsurancegroup.com
pdztwl.com
basecampmedics.com
orionbilisim.net
comaholic.com
sai-re.com
mimmodetullio.net
thevyvd.com
bookstorie.com
preparednessnow.net
lvtvmounting.com
anchondowedding.com
the-florida-accident-md.com
indyspirits.com
culture-of-safety.com
blue-003.com
federation-advens.com
junmedicare.com
qjnhilfhs.icu
chesed72.com
kingrvrentals.com
greenlightsuccesscoach.com
efrenjose.com
Targets
-
-
Target
SCAN_20210112140930669.exe
-
Size
837KB
-
MD5
0d7f35bd5d0a8f5e0b52db592ab5509c
-
SHA1
5300466a9a3ca11e3f90785ed8a13115e200def6
-
SHA256
f49e50532a7e5d312f8429c41e28848461651f671139a7590b64d9df029db998
-
SHA512
978f2d13f77d724a780fe33a5740b1735d95b03dae0e6a273cbf1101d13c8e3c7981b219433975ff42db7f97488b1868aa990d660713f702568e411ffc9b00f3
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-