General
Target: urgent specification request.exe
Size: 1.0MB
Sample: 210113-cepy13kzy2
MD5: 72a9c8f82996953e9fa72e5e0b85afca
SHA1: 33f74928d66e687c2f981f9219a92d936152cbaf
SHA256: 931f6aeff35cea88af521bc2cdca24164113c47ab3153e148e33d5bce66313f4
SHA512: ed85947f1b9f04e1d84646386b635c05dce66f063b3095b9873adbfa5b6c14b7f4bcc385aa14c0a2da4efd772e9278a517f58ff6b31d7f654d325d2efd0fdddd
Static task: static1
Behavioral task: behavioral1
Sample: urgent specification request.exe
Resource: win7v20201028
Malware Config
Extracted
formbook
http://www.timoniks.com/rbg/
fingermode.com
parkplace.finance
hollandgreen2020.com
starbets.site
vehiculesfrigorifiques.com
sydiifinancial.com
rpivuenation.com
freesubdirectory.com
independencepartynyc.com
dogruparti.info
independencecountyclub.com
midnightlashesbykim.com
digitalsept.com
whatilikeabouttoday.com
marktplaatsaccount.info
13400667334.com
xinwei-ge.com
login-appleid.info
momashands.com
kennyxpress.com
yushin2733.com
olenfex.com
agorabookstore.com
iotajinn.com
511tea.com
sullian.com
virtuallawyerservices.com
machineryhunters.online
mintamuntaz.com
sunflowerhybrid.com
hocbai24h.com
bundletvdeal.com
engjape.com
villamariaapartments.com
arabaozellikleri.net
fortheloveofdawg.com
mullinsmusicministry.com
rescuecellphones.com
infinityenterpriselr.com
humormug.com
summitplazagurgaon.com
rogo24.com
apluspartybus.com
chernliyfashion.com
presentvaluecore.com
bangbangfactory.com
leandroresolve.com
hk6628.com
anotherheadache.com
jiemanwu.com
a1dandyhandyman.com
pennsylvaniacraft.com
vrank.icu
avivemg.icu
littlestarenglish.com
jrprofessionale.com
belze.net
svtrbu.com
healthpassportasia.com
kadakudu.com
rahatindir.com
seamssewmuchbetter.com
brancusi.net
ido.lgbt
Targets
Target: urgent specification request.exe
Size: 1.0MB
MD5: 72a9c8f82996953e9fa72e5e0b85afca
SHA1: 33f74928d66e687c2f981f9219a92d936152cbaf
SHA256: 931f6aeff35cea88af521bc2cdca24164113c47ab3153e148e33d5bce66313f4
SHA512: ed85947f1b9f04e1d84646386b635c05dce66f063b3095b9873adbfa5b6c14b7f4bcc385aa14c0a2da4efd772e9278a517f58ff6b31d7f654d325d2efd0fdddd
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext