General
-
Target
ins.exe
-
Size
311KB
-
Sample
210114-l3nz1geqz2
-
MD5
689ce116559e5aa27f5b8dcd91406e08
-
SHA1
6092abe31afd20dfaa023bba7d9c0e1c000236b3
-
SHA256
de6f5b39f4129ed442da26837a296a2b2e9573af841cc7fc41a5a72d4c673de7
-
SHA512
d315d45328a6e9b4af40600637f720a8b6df640253284e7f6860333d98b57062bec4c8dc88b195264b398b3e6808bd85ab128e3e6b7c18e99f25e545945a2606
Static task
static1
Behavioral task
behavioral1
Sample
ins.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.nationshiphop.com/hko6/
apartmentsineverettwa.com
forritcu.net
hotroodes.com
skinnerttc.com
royaltrustmyanmar.com
adreslog.com
kaysbridalboutiques.com
multitask-improvements.com
geniiforum.com
smarthomehatinh.asia
banglikeaboss.com
javlover.club
affiliateclubindia.com
mycapecoralhomevalue.com
comparamuebles.online
newrochellenissan.com
nairobi-paris.com
fwk.xyz
downdepot.com
nextgenmemorabilia.com
achonabu.com
stevebana.xyz
jacmkt.com
weownthenight187.com
divshop.pro
wewearceylon.com
skyreadymix.net
jaffacorner.com
bakerlibra.icu
femalecoliving.com
best20banks.com
millcityloam.com
signature-office.com
qlifepharmacy.com
dextermind.net
fittcycleacademy.com
davidoff.sucks
1033393.com
tutorsboulder.com
bonicc.com
goodberryjuice.com
zhaowulu.com
teryaq.media
a-zsolutionsllc.com
bitcoincandy.xyz
cfmfair.com
annefontain.com
princesssexyluxwear.com
prodigybrushes.com
zzhqp.com
hwcailing.com
translatiions.com
azery.site
wy1917.com
ringohouse.info
chartershome.com
thongtinhay.net
2201virginiacondo5.com
laurieryork.net
mujeresnegociantes.com
anchoriaswimwear.com
michaelsala.com
esdeportebici.com
ninjitsoo.com
Targets
-
-
Target
ins.exe
-
Size
311KB
-
MD5
689ce116559e5aa27f5b8dcd91406e08
-
SHA1
6092abe31afd20dfaa023bba7d9c0e1c000236b3
-
SHA256
de6f5b39f4129ed442da26837a296a2b2e9573af841cc7fc41a5a72d4c673de7
-
SHA512
d315d45328a6e9b4af40600637f720a8b6df640253284e7f6860333d98b57062bec4c8dc88b195264b398b3e6808bd85ab128e3e6b7c18e99f25e545945a2606
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-