General
Target: ab62532db045fc659e00887f83800dd1.exe
Size: 1.0MB
Sample: 210113-t52dj96kex
MD5: ab62532db045fc659e00887f83800dd1
SHA1: ffe9b4472a606730610d7fe3241292db91ed8879
SHA256: 9548c6a9da2d6cee9d27565c0055be4429cabfae9287ab3e525aaba66fd67032
SHA512: e11bb17e2052831ef68a8301ea684668c8ef9300b80611cc0342c38cab4f6528143026885244eb4d5e5b84f5ae411a95981ab72348fdba2a4db86a5030745535
Static task: static1
Behavioral task: behavioral1
Sample: ab62532db045fc659e00887f83800dd1.exe
Resource: win7v20201028
Malware Config
Extracted: formbook
http://www.herbmedia.net/csv8/
Targets
Target: ab62532db045fc659e00887f83800dd1.exe
- Xloader Payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext