General
Target: spptqzbEyNlEJvj.exe
Size: 801KB
Sample: 210114-46awa3e6xn
MD5: fac6e34cc6144304a2a4c9f59ad426cb
SHA1: c28d46950f2f4f163fca3fb042d33ab23a7c81e1
SHA256: 43822089dc4bbbe3800a980d2ac64435c0b00dd18648c0fd56dda65b11af5a35
SHA512: 3fbc3a9e6d707468d53cf5e0244b5e4c58a85e822605a4cd71b127620736a90d23915a5ba5eaaed825cd55da61e64b7efde7a2c8e6dd6909fa17acff1eb78ccc

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: spptqzbEyNlEJvj.exe
Resource: win7v20201028
Malware Config
Extracted
Family: formbook
C2: http://www.asicprominer.com/umSa/
Decoy domains (64; Formbook contacts these alongside the real C2, and many of them are legitimate sites, so a lookup of one decoy alone is weak evidence):
lessensations.com
growcerybank.com
rvworkforce.com
djangosports.com
jgrosinger.com
tongjiash.com
rianebrady.com
xiaoxu.info
allwaysautism.com
couturev.com
dantedikhali.com
sagamoreca.com
sandisyardsale.com
happizi.com
moonchildboxco.store
maquillajembp.com
sojubythebay.com
verdexwellness.com
authenticperiod.cloud
bitpreserve.com
southernstarescape.com
therobloids.net
123hpcomsetu.com
hongtinvn.com
magnoliarack.net
jiegaojc.com
provaavincere.com
freefiregarena20.com
laurenpathak.com
become-flightattendant.com
shanyagus.com
top12watches.com
dcdialysiscenter.com
lawandlawholdingsinc.com
madisonpears.com
cakesinchargecatering.com
nc500-accommodation.com
cypherium.academy
wingmanwallet.com
spit-commodity.com
nhimlike.com
givebitties.com
xn--iiqa6618cvla.xn--hxt814e
abilitiesin.com
premioscreatube.com
foodtock.com
nationalmakeawillmonth.net
vettedwealthmanagement.com
bingent.info
betslotspin.com
sportsenviron.com
epskate.com
rsoliver.com
philrealtorpro.com
novelchapter.com
proclipperz.com
andresbuendia.com
bookmyshemale.com
newwavepost.net
4pro.life
sippatrbpnbireuen.com
asbuilt.services
speedfreightlines.com
irgendwie-sterben.xyz
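The extracted config above is only useful once it is turned into something a SOC can run. The following is an added example, not code from the sandbox or from this report: it loads the C2 URL and the 64 decoy domains from the config, classifies DNS query names against them (exact match or subdomain, so `notasicprominer.com` does not match), and scores each client by the kind and number of hits. The log lines, the client addresses and the `likely-infected` / `weak-signal` verdicts are constructed for the example; the Formbook behaviour it encodes (one real C2, many decoys, all contacted by the bot) is why a single decoy lookup is scored low and a C2 lookup or a burst of decoy lookups is scored high.

```python
import re
from urllib.parse import urlparse

# Values copied from the extracted Formbook config in this report. The first config
# entry is the C2 URL; the 64 entries after it are the decoy domains the bot also
# contacts. Everything else in this block (log lines, clients, verdict names) is
# constructed for the example.
C2_URL = "http://www.asicprominer.com/umSa/"
DECOY_DOMAINS = """
lessensations.com growcerybank.com rvworkforce.com djangosports.com jgrosinger.com tongjiash.com rianebrady.com xiaoxu.info
allwaysautism.com couturev.com dantedikhali.com sagamoreca.com sandisyardsale.com happizi.com moonchildboxco.store maquillajembp.com
sojubythebay.com verdexwellness.com authenticperiod.cloud bitpreserve.com southernstarescape.com therobloids.net 123hpcomsetu.com hongtinvn.com
magnoliarack.net jiegaojc.com provaavincere.com freefiregarena20.com laurenpathak.com become-flightattendant.com shanyagus.com top12watches.com
dcdialysiscenter.com lawandlawholdingsinc.com madisonpears.com cakesinchargecatering.com nc500-accommodation.com cypherium.academy wingmanwallet.com spit-commodity.com
nhimlike.com givebitties.com xn--iiqa6618cvla.xn--hxt814e abilitiesin.com premioscreatube.com foodtock.com nationalmakeawillmonth.net vettedwealthmanagement.com
bingent.info betslotspin.com sportsenviron.com epskate.com rsoliver.com philrealtorpro.com novelchapter.com proclipperz.com
andresbuendia.com bookmyshemale.com newwavepost.net 4pro.life sippatrbpnbireuen.com asbuilt.services speedfreightlines.com irgendwie-sterben.xyz
""".split()


def c2_hostname(url):
    """Hostname of the C2 URL exactly as the bot will resolve it (keeps the www. label)."""
    host = urlparse(url).hostname
    if not host:
        raise ValueError("no hostname in %r" % url)
    return host.lower()


def build_iocs(c2_url, decoys):
    """Split the config into the one domain worth attributing (the C2) and the decoys.
    The C2 is stored with and without its www. label so either lookup is caught."""
    c2 = c2_hostname(c2_url)
    bare_c2 = c2[4:] if c2.startswith("www.") else c2
    return {"c2": {c2, bare_c2}, "decoy": {d.lower() for d in decoys}}


def _matches(qname, domain):
    # Exact match or a subdomain of the IOC; a plain suffix test would also accept
    # unrelated names such as notasicprominer.com, so require the label boundary.
    return qname == domain or qname.endswith("." + domain)


def classify_query(qname, iocs):
    """Return 'c2', 'decoy' or None for one DNS query name."""
    q = qname.lower().rstrip(".")
    for kind in ("c2", "decoy"):
        if any(_matches(q, d) for d in iocs[kind]):
            return kind
    return None


# Constructed resolver log format: "<time> client=<ip> query=<name> type=<rrtype>"
LOG_RE = re.compile(r"client=(?P<client>\S+) query=(?P<qname>\S+)")


def scan_dns_log(lines, iocs):
    """Count C2 and decoy hits per client so one host touching many listed
    domains stands out from a user who merely visited one decoy site."""
    hits = {}
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        kind = classify_query(m.group("qname"), iocs)
        if kind:
            hits.setdefault(m.group("client"), {"c2": 0, "decoy": 0})[kind] += 1
    return hits


def triage(hits, decoy_threshold=3):
    """Any C2 lookup, or a burst of decoy lookups, is a strong signal; a single
    decoy lookup is weak because decoys are often legitimate sites."""
    verdicts = {}
    for client, counts in hits.items():
        strong = counts["c2"] > 0 or counts["decoy"] >= decoy_threshold
        verdicts[client] = "likely-infected" if strong else "weak-signal"
    return verdicts


# Constructed sample log: 10.0.0.5 shows the bot's pattern, 10.0.0.9 touched one decoy,
# 10.0.0.12 queried a look-alike name that must not match.
SAMPLE_LOG = [
    "2021-01-14T04:52:10Z client=10.0.0.5 query=www.asicprominer.com type=A",
    "2021-01-14T04:52:11Z client=10.0.0.5 query=www.lessensations.com type=A",
    "2021-01-14T04:52:11Z client=10.0.0.5 query=www.growcerybank.com type=A",
    "2021-01-14T04:52:12Z client=10.0.0.5 query=www.rvworkforce.com type=A",
    "2021-01-14T04:53:02Z client=10.0.0.9 query=xiaoxu.info type=A",
    "2021-01-14T04:53:05Z client=10.0.0.9 query=www.example.com type=A",
    "2021-01-14T04:53:07Z client=10.0.0.12 query=notasicprominer.com type=A",
]

if __name__ == "__main__":
    iocs = build_iocs(C2_URL, DECOY_DOMAINS)
    for client, verdict in triage(scan_dns_log(SAMPLE_LOG, iocs)).items():
        print(client, verdict)
```

Block the whole set at the resolver if policy allows, but report only the C2 hostname as attacker infrastructure; the decoys are chosen by the malware author and may belong to uninvolved third parties.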
Targets
Target: spptqzbEyNlEJvj.exe (801KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures
Xloader Payload (Xloader is the rebranded successor of Formbook, consistent with the extracted config)
Deletes itself (the sample removes its own executable after running)
Suspicious use of SetThreadContext (the API used to redirect another thread's execution after injecting code into a process)