General
-
Target
15012021.exe
-
Size
896KB
-
Sample
210115-1yqqjbydr2
-
MD5
49eaef0a7cb0cb134803b5f0697dde4b
-
SHA1
74c9d06f4ffb47f349e68aeafa7d599ce240815b
-
SHA256
9a9ac9671ba6e6954776498cf28264d6c1742bc52fb070d7736d83a3582a14c8
-
SHA512
6d03e0521eac228a5077a2c994a2d3a6660940b2415c3e5f2642baeddbc7ff2f814c11f99e16a43c11f62dca5a0ced647d903ff4a75cedfd792e7d98cf1b66c9
Static task
static1
Behavioral task
behavioral1
Sample
15012021.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.timoniks.com/rbg/
fingermode.com
parkplace.finance
hollandgreen2020.com
starbets.site
vehiculesfrigorifiques.com
sydiifinancial.com
rpivuenation.com
freesubdirectory.com
independencepartynyc.com
dogruparti.info
independencecountyclub.com
midnightlashesbykim.com
digitalsept.com
whatilikeabouttoday.com
marktplaatsaccount.info
13400667334.com
xinwei-ge.com
login-appleid.info
momashands.com
kennyxpress.com
yushin2733.com
olenfex.com
agorabookstore.com
iotajinn.com
511tea.com
sullian.com
virtuallawyerservices.com
machineryhunters.online
mintamuntaz.com
sunflowerhybrid.com
hocbai24h.com
bundletvdeal.com
engjape.com
villamariaapartments.com
arabaozellikleri.net
fortheloveofdawg.com
mullinsmusicministry.com
rescuecellphones.com
infinityenterpriselr.com
humormug.com
summitplazagurgaon.com
rogo24.com
apluspartybus.com
chernliyfashion.com
presentvaluecore.com
bangbangfactory.com
leandroresolve.com
hk6628.com
anotherheadache.com
jiemanwu.com
a1dandyhandyman.com
pennsylvaniacraft.com
vrank.icu
avivemg.icu
littlestarenglish.com
jrprofessionale.com
belze.net
svtrbu.com
healthpassportasia.com
kadakudu.com
rahatindir.com
seamssewmuchbetter.com
brancusi.net
ido.lgbt
Targets
-
-
Target
15012021.exe
-
Size
896KB
-
MD5
49eaef0a7cb0cb134803b5f0697dde4b
-
SHA1
74c9d06f4ffb47f349e68aeafa7d599ce240815b
-
SHA256
9a9ac9671ba6e6954776498cf28264d6c1742bc52fb070d7736d83a3582a14c8
-
SHA512
6d03e0521eac228a5077a2c994a2d3a6660940b2415c3e5f2642baeddbc7ff2f814c11f99e16a43c11f62dca5a0ced647d903ff4a75cedfd792e7d98cf1b66c9
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-