General
- Target: RFQ January.exe
- Size: 914KB
- Sample: 210112-l7cpe6t4j6
- MD5: 5c06a1860366ed65d2baba0844342b5e
- SHA1: 0f75372b3010b9c9b70776ec6a0c1db85f6332ed
- SHA256: c079b62cce0d0718c3b1f26c3f0f359a7df94acf7e75aea710979fe338ea1f4f
- SHA512: 00f7ae68aee9aa9530ba7b41f8be54cd58cfe4c8c29c88f2ac1afc50fe9e699f4053e13d2d018873d16c1483d2e336d289a78e9b15fb1be593fd5426fb9129f3
Static task: static1
Behavioral task: behavioral1
- Sample: RFQ January.exe
- Resource: win7v20201028
Malware Config
- Extracted: formbook
Targets
- Target: RFQ January.exe
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext