General
-
Target
Paid Invoices_pdf.exe
-
Size
738KB
-
Sample
210115-729jdg9sje
-
MD5
0326b2ad0ec402ad9421d6dbb1d4b93e
-
SHA1
f52d2a7b483499334ce084671b874ee3ad921511
-
SHA256
7a0468a1843e1d6b3e6ad5bdb9f3e1ad2131349fbaf0ac9737f212bca59ce783
-
SHA512
fee6512b00c39a93f5aeb88d9fa6ccd96c2d8bdf6d1bfb53924e5dc002e2b450dd9028dcd9633ae0aa58bab036834d70ae74f1913009e8e092fe0ef02474a159
Static task
static1
Behavioral task
behavioral1
Sample
Paid Invoices_pdf.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.transparentpetcrate.com/lnb/
Targets
-
-
Target
Paid Invoices_pdf.exe
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-