General
-
Target
15012021.exe
-
Size
901KB
-
Sample
210115-byypds57la
-
MD5
250975865bf0cc75d7b05c3a8e9fcbe2
-
SHA1
3e2cf4300dd07a2662f552b18438895e75486d9a
-
SHA256
e10a18344876f44eea40708f80322df6ec17eea4fec0b7de74c97aab23421600
-
SHA512
9bbdb7ad1d4e8abbb195114e2771532e98fda18762a96e55cbdf7cf25337c82e780492f54f59f6c9fe475871c43abab6be4a73e7aeb78025dc00bb1986654136
Static task
static1
Behavioral task
behavioral1
Sample
15012021.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.timoniks.com/rbg/
fingermode.com
parkplace.finance
hollandgreen2020.com
starbets.site
vehiculesfrigorifiques.com
sydiifinancial.com
rpivuenation.com
freesubdirectory.com
independencepartynyc.com
dogruparti.info
independencecountyclub.com
midnightlashesbykim.com
digitalsept.com
whatilikeabouttoday.com
marktplaatsaccount.info
13400667334.com
xinwei-ge.com
login-appleid.info
momashands.com
kennyxpress.com
yushin2733.com
olenfex.com
agorabookstore.com
iotajinn.com
511tea.com
sullian.com
virtuallawyerservices.com
machineryhunters.online
mintamuntaz.com
sunflowerhybrid.com
hocbai24h.com
bundletvdeal.com
engjape.com
villamariaapartments.com
arabaozellikleri.net
fortheloveofdawg.com
mullinsmusicministry.com
rescuecellphones.com
infinityenterpriselr.com
humormug.com
summitplazagurgaon.com
rogo24.com
apluspartybus.com
chernliyfashion.com
presentvaluecore.com
bangbangfactory.com
leandroresolve.com
hk6628.com
anotherheadache.com
jiemanwu.com
a1dandyhandyman.com
pennsylvaniacraft.com
vrank.icu
avivemg.icu
littlestarenglish.com
jrprofessionale.com
belze.net
svtrbu.com
healthpassportasia.com
kadakudu.com
rahatindir.com
seamssewmuchbetter.com
brancusi.net
ido.lgbt
Targets
-
-
Target
15012021.exe
-
Size
901KB
-
MD5
250975865bf0cc75d7b05c3a8e9fcbe2
-
SHA1
3e2cf4300dd07a2662f552b18438895e75486d9a
-
SHA256
e10a18344876f44eea40708f80322df6ec17eea4fec0b7de74c97aab23421600
-
SHA512
9bbdb7ad1d4e8abbb195114e2771532e98fda18762a96e55cbdf7cf25337c82e780492f54f59f6c9fe475871c43abab6be4a73e7aeb78025dc00bb1986654136
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-