General
-
Target
inv.exe
-
Size
343KB
-
Sample
210118-cckqhred7e
-
MD5
59ca7615f52a57b4d4528956889491ca
-
SHA1
790ffd88a22f28df64c491e9fef87d50ceb9bfb7
-
SHA256
bfa63841a36301ed60a4a0c177ad229a1b09266034182b7c8695fa5d7324f0b4
-
SHA512
6564a9edcc216bfde643e24604cb2f536ea997bf902d933c40760ff834decb990f2f70f968484a27619551e4e493adcf867f0a19c1806a8142845692102f95fd
Static task
static1
Behavioral task
behavioral1
Sample
inv.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.nationshiphop.com/hko6/
Targets
-
Formbook Payload
-
Suspicious use of SetThreadContext
-