General
- Target: 74852.exe
- Size: 231KB
- Sample: 210113-5phjkctwnj
- MD5: e295cb54968cb6f3575a7caf32fe7f5a
- SHA1: 84405250603351ebe538e7ae34812704c0c3f480
- SHA256: 15198bfd2fbc367f07a22c6b39ea4e658dfea4a51b74cb4a653eb4b936ad3db0
- SHA512: fb5be96870170a769262214bd72a356b6e845328a3838b3ebdb9e8d5f5b8d09c95e992acad00e7c24762d8e351daf6e1810ad44515374f2261f9a3565d857880
Static task: static1
Behavioral task: behavioral1
- Sample: 74852.exe
- Resource: win7v20201028
Malware Config
Extracted
- Family: formbook
- http://www.theproducersagent.com/nf3n/
Targets
- Target: 74852.exe
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext