General
-
Target
13012021.exe
-
Size
1.0MB
-
Sample
210113-3bj9546pxa
-
MD5
2178794f0f12d01f85d909a5131e12c8
-
SHA1
f39ae8144d690f439d5eda69c74bfe6ed9de4513
-
SHA256
2449800b54909498a549817cc5bd9b8fc610a0d7ef6fd2bfda0d370783da8d32
-
SHA512
c4226dbc8935e464fa052c8457951375fdef3a50ead3d6207ba9906211c0876d3ae573698dc39919bc5027fa08233e79159edf2706ac9bc2e6b376b3f2c9e3b4
Static task
static1
Behavioral task
behavioral1
Sample
13012021.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.timoniks.com/rbg/
fingermode.com
parkplace.finance
hollandgreen2020.com
starbets.site
vehiculesfrigorifiques.com
sydiifinancial.com
rpivuenation.com
freesubdirectory.com
independencepartynyc.com
dogruparti.info
independencecountyclub.com
midnightlashesbykim.com
digitalsept.com
whatilikeabouttoday.com
marktplaatsaccount.info
13400667334.com
xinwei-ge.com
login-appleid.info
momashands.com
kennyxpress.com
yushin2733.com
olenfex.com
agorabookstore.com
iotajinn.com
511tea.com
sullian.com
virtuallawyerservices.com
machineryhunters.online
mintamuntaz.com
sunflowerhybrid.com
hocbai24h.com
bundletvdeal.com
engjape.com
villamariaapartments.com
arabaozellikleri.net
fortheloveofdawg.com
mullinsmusicministry.com
rescuecellphones.com
infinityenterpriselr.com
humormug.com
summitplazagurgaon.com
rogo24.com
apluspartybus.com
chernliyfashion.com
presentvaluecore.com
bangbangfactory.com
leandroresolve.com
hk6628.com
anotherheadache.com
jiemanwu.com
a1dandyhandyman.com
pennsylvaniacraft.com
vrank.icu
avivemg.icu
littlestarenglish.com
jrprofessionale.com
belze.net
svtrbu.com
healthpassportasia.com
kadakudu.com
rahatindir.com
seamssewmuchbetter.com
brancusi.net
ido.lgbt
Targets
-
-
Target
13012021.exe
-
Size
1.0MB
-
MD5
2178794f0f12d01f85d909a5131e12c8
-
SHA1
f39ae8144d690f439d5eda69c74bfe6ed9de4513
-
SHA256
2449800b54909498a549817cc5bd9b8fc610a0d7ef6fd2bfda0d370783da8d32
-
SHA512
c4226dbc8935e464fa052c8457951375fdef3a50ead3d6207ba9906211c0876d3ae573698dc39919bc5027fa08233e79159edf2706ac9bc2e6b376b3f2c9e3b4
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-