General
Target: SKM_C36821010708320.exe
Size: 766KB
Sample: 210113-v4y6f614g6
MD5: 15d8096422d137c7388908bb2be61ec4
SHA1: e67d261ef38eb251fb97a466d83c95e75d286ebe
SHA256: fae57c2f185899220dff608004ab571822fc14cc02aa7e30b1cd5db7be4beea8
SHA512: 83d38e2e5540d1a2790f834e62bd1cc6978eae92c6d70ca875b72e0d33852473b68b36b99c4fe05e3c100283dee6353e45f907eecbb9369d730c17c5c20bb1f5
Static task: static1
Behavioral task: behavioral1
Sample: SKM_C36821010708320.exe
Resource: win7v20201028
Malware Config
Extracted
Family: formbook
URL: http://www.ameeraglow.com/6bu2/
Domains:
shuttergame.com
beyondregions.com
cuttingedgetinting.com
riveraspanishfoods.com
jfksn.com
rtplay2020.com
idahofallsobituaries.com
qf432.com
magandaconfections.com
suremlak.com
tuproductividadpersonal.com
ziswmyxaw.icu
howtolovemybody.com
signpartnerpro.com
conservative-forward.com
bhscsh.com
todowine.com
garrettthermaldetector.com
bunbook.com
ehealthla.com
mojacreations.com
2kantxt.com
aqustea.com
sheilataman.com
phymath.science
sctuba.com
columbusestatesseniorliving.com
opyalliy.pro
bestgiftforu.com
cad-office-iserlohn.com
gorgeus-girl-full-service.today
easthaus-modern.com
snoozefest.online
service-xwcrvxsz.icu
flavourcosmetics.com
news247alert.com
944ka.xyz
bcheap3dmall.com
crepkonnect.com
purelili.com
pushupbras.net
ctsafaris.com
sprinkleforever.com
engagingsci.coach
aihint.com
icxrus.com
7vitrines.com
mrsgariepy.com
bikewitha.pro
adv-assist.com
youlacka.com
languagekickstart.com
commonscentsbychloe.com
o-tanemaki.com
wlgdrs.com
imbentaryo.com
winwithrundlemall.com
jumben.xyz
24k88lotto.com
bundlesofjoihair.com
bukannyaterbuai31.com
essentialeatscatering.com
brasseriedufayard.com
trumpvotr.com
Targets
Target: SKM_C36821010708320.exe (size and hashes as listed under General above)
Signatures:
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext