General
Target: 06aafd2382d63afc9874125e5c1062b0.exe
Size: 326KB
Sample: 210114-64nw7vzzke
MD5: 06aafd2382d63afc9874125e5c1062b0
SHA1: e3b553368eec14ea84ba32f291a17dc614c64670
SHA256: 92420ebd5feeb4171db8a4877ac6eb2dd594fd4d07192408b26aa9b98c5d048d
SHA512: cd317df3b6f9b86e3b3c2eef38d5b4fb8900562aae920c08607075fe6fd3e01480035f6ffb4188cae49c37faebd6ed626a2da457c75d99ba1535a42d2a690b27
Static task: static1
Behavioral task: behavioral1
Sample: 06aafd2382d63afc9874125e5c1062b0.exe
Resource: win7v20201028
Malware Config
Extracted
formbook
http://www.evana-rohanihijab.com/iic6/
Targets
-
-
Target
06aafd2382d63afc9874125e5c1062b0.exe
Formbook Payload
-
Suspicious use of SetThreadContext
-