General
-
Target
92ff500a693078263908c83b4b290481.exe
-
Size
569KB
-
Sample
210113-wzk4brar5j
-
MD5
92ff500a693078263908c83b4b290481
-
SHA1
fa5dcc6012c71490efdf320791a90c7a18958a95
-
SHA256
767b1b32d4ac4cec73967590ca5b28c3e0f4d709c0773e3f4021774f15a2483a
-
SHA512
8478c8b88309d55c83ab4a5f3af0367f19bb02a2b62db4a790ff7e867aa0ffe422cd4d177bbd3ad25d19cd0049ed196ec3910a72c7e3935fed0991cc783f0d1d
Static task
static1
Behavioral task
behavioral1
Sample
92ff500a693078263908c83b4b290481.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.herbmedia.net/csv8/
slgacha.com
oohdough.com
6983ylc.com
aykassociate.com
latin-hotspot.com
starrockindia.com
beamsubway.com
queensboutique1000.com
madbaddie.com
bhoomimart.com
ankitparivar.com
aldanasanchezmx.com
citest1597669833.com
cristianofreitas.com
myplantus.com
counterfeitmilk.com
8xf39.com
pregnantwomens.com
yyyut6.com
stnanguo.com
fessusesefsee.com
logansshop.net
familydalmatianhomes.com
accessible.legal
epicmassiveconcepts.com
indianfactopedia.com
exit-divorce.com
colliapse.com
nosishop.com
hayat-aljowaily.com
soundon.events
previnacovid19-br.com
traptlongview.com
splendidhotelspa.com
masterzushop.com
ednevents.com
studentdividers.com
treningi-enduro.com
hostingcoaster.com
gourmetgroceriesfast.com
thesouthbeachlife.com
teemergin.com
fixmygearfast.com
arb-invest.com
shemaledreamz.com
1819apparel.com
thedigitalsatyam.com
alparmuhendislik.com
distinctmusicproductions.com
procreditexpert.com
insights4innovation.com
jzbtl.com
1033325.com
sorteocamper.info
scheherazadelegault.com
glowportraiture.com
cleitstaapps.com
globepublishers.com
stattests.com
brainandbodystrengthcoach.com
magenx2.info
escaparati.com
wood-decor24.com
travelnetafrica.com
Targets
-
-
Target
92ff500a693078263908c83b4b290481.exe
-
Size
569KB
-
MD5
92ff500a693078263908c83b4b290481
-
SHA1
fa5dcc6012c71490efdf320791a90c7a18958a95
-
SHA256
767b1b32d4ac4cec73967590ca5b28c3e0f4d709c0773e3f4021774f15a2483a
-
SHA512
8478c8b88309d55c83ab4a5f3af0367f19bb02a2b62db4a790ff7e867aa0ffe422cd4d177bbd3ad25d19cd0049ed196ec3910a72c7e3935fed0991cc783f0d1d
-
Xloader Payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-