General
-
Target
Details here.exe
-
Size
1.2MB
-
Sample
210118-3l859bgpbx
-
MD5
a952c15d26e8b87cce83c842f9c56d71
-
SHA1
734fab89fedb57add80068bc56267512d717c189
-
SHA256
67710323c3dd7ba7cc04081512bdb304b4d7edd72975f2891c1f5893fdb75a8a
-
SHA512
2b433b9670d54b588cd1bd77e302ef6dea911bdb6eb5043653003b2ec30d005fb953c7ec844235203b56e22e3e26b60cadcea7662a9a73471441d64e01b8c696
Static task
static1
Behavioral task
behavioral1
Sample
Details here.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.deuxus.com/t052/
ladybug-learning.com
unforgottenstory.com
oldmopaiv.xyz
natashaexim.com
hannahmcelgunn.com
retargetingmachines.info
njoconline.com
unicornlankadelivery.com
giftkerala.com
englishfordoctors.online
schatzilandrvresort.com
brujoisaac.com
basiccampinggear.com
escapees.today
dgyxsy888.com
stevebana.xyz
mimozakebap.com
ezdoff.com
pluumyspalace.com
shaoshanshan.com
crazyvine.wine
sfjt55.com
xjgqh.com
netverificatie-home.info
efnew.com
welderweb.com
2ndstars.com
parrotpink.com
sarahjanehammock.com
pizzawestpalmbeach.com
pivot-branding.com
bribiebootcamp.com
floridaincontinencetherapy.com
muddanyc.com
pflegedienst-24-7.com
kunstradar.com
coolgadgetsdominate.com
comedynationlive.com
workoutandlawn.com
orangecountyvolvolease.com
sunrisemath.com
premiumenterprisegroup.com
mnglobalplatform.com
bijie.xyz
christiandailyusa.com
kismetestatestjohn.com
bobyworks.com
h2cooker.com
kimquint.com
torturechamberproductions.com
superbbsuper.com
bibleandkoran.net
oncuecollective.com
strat-fundamentals.info
taichi.chat
beautyroomgreenwich.com
686761.com
prostatamrt.net
medicina-genomica.com
hl022.com
forestlawnfunerals.com
charismayachts.com
sublimequalitystore.com
bowvacare.com
Targets
-
-
Target
Details here.exe
-
Size
1.2MB
-
MD5
a952c15d26e8b87cce83c842f9c56d71
-
SHA1
734fab89fedb57add80068bc56267512d717c189
-
SHA256
67710323c3dd7ba7cc04081512bdb304b4d7edd72975f2891c1f5893fdb75a8a
-
SHA512
2b433b9670d54b588cd1bd77e302ef6dea911bdb6eb5043653003b2ec30d005fb953c7ec844235203b56e22e3e26b60cadcea7662a9a73471441d64e01b8c696
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-