General
-
Target
Duty checklist and PTP letter.exe
-
Size
947KB
-
Sample
210112-jfcj8cnc1s
-
MD5
0a60258ac45444b45714c4f4d5b3a56a
-
SHA1
d24967d3f5f2e7fd1966525fe47ffbf26f5df23f
-
SHA256
f8efa3021228dad9812ac764085f791117265d9859bfb5ed21e07f04f1cb0b5f
-
SHA512
a5046ea57587541d069bf5d4dfdae272f080b63bf00895d2601901d43285e48686d71eee2b983c2d19c8ec7d0725780874f175e4bf03898a2dcc028b3b199615
Static task
static1
Behavioral task
behavioral1
Sample
Duty checklist and PTP letter.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.deejayatl.com/khm/
Targets
-
-
Target
Duty checklist and PTP letter.exe
-
Formbook Payload
-
Suspicious use of SetThreadContext
-