General
-
Target
SCAN_20210115140930669.exe
-
Size
892KB
-
Sample
210115-4qtepz7sgx
-
MD5
c0aa1598d486cceab2fdea9a6c41ac0e
-
SHA1
21263c3f531b81d949bf15c486bc3aeb16b9bb00
-
SHA256
7aa65f77c48841f9f1545c2e5bb7cb186cd259631c4c449400206f1bb3d16d5e
-
SHA512
2bba64e13254b3b5dfe98fac0681335a23a801065ffc1a69a80e63d8144067f98edb8c0b252ab8953ac78798dc4b23e4bff188d9ad3508997f6dfa4b7e987c65
Static task
static1
Behavioral task
behavioral1
Sample
SCAN_20210115140930669.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.midnightblueinc.com/2kf/
edmondscakes.com
doublewldr.online
tickets2usa.com
heyhxry.com
weightloss-gulfport.com
prosselius.com
newviewroofers.com
jacksonarearealestate.com
catparkas.xyz
pagos2020.com
sonwsefjrahi.online
franchisethings.com
nuocvietngaynay.com
sohelvai.com
mikeyroush.com
lamesaroofing.com
betbigo138.com
amazon-service-recovery.com
clockin.net
riostrader.com
novergi.com
bounethone.online
unsaluted-muckworm.info
qmglg.com
trans-chna.com
bloom-cottage.info
espacioholista.com
vitrines72.com
vtnywveb.club
shelfdryrock.com
lowcountrykindermusik.com
brendolangiovanni.com
samilisback.com
coffeeofmyheart.com
moderndetailist.com
royalparkhotelandsuites.com
camsick.com
khoetuthiennhien.com
link-glue.com
zzirk.com
alyxthorne.com
tristateinsurancegroup.com
pdztwl.com
basecampmedics.com
orionbilisim.net
comaholic.com
sai-re.com
mimmodetullio.net
thevyvd.com
bookstorie.com
preparednessnow.net
lvtvmounting.com
anchondowedding.com
the-florida-accident-md.com
indyspirits.com
culture-of-safety.com
blue-003.com
federation-advens.com
junmedicare.com
qjnhilfhs.icu
chesed72.com
kingrvrentals.com
greenlightsuccesscoach.com
efrenjose.com
Targets
-
-
Target
SCAN_20210115140930669.exe
-
Size
892KB
-
MD5
c0aa1598d486cceab2fdea9a6c41ac0e
-
SHA1
21263c3f531b81d949bf15c486bc3aeb16b9bb00
-
SHA256
7aa65f77c48841f9f1545c2e5bb7cb186cd259631c4c449400206f1bb3d16d5e
-
SHA512
2bba64e13254b3b5dfe98fac0681335a23a801065ffc1a69a80e63d8144067f98edb8c0b252ab8953ac78798dc4b23e4bff188d9ad3508997f6dfa4b7e987c65
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-