General
-
Target
SKM_C221200706052800.exe
-
Size
273KB
-
Sample
210118-gdy3m636v2
-
MD5
3c51788968fa6ed67bde7511b1868b08
-
SHA1
194e63c851406e2ac39ef09d48ab35871e041ccc
-
SHA256
0baedfe6121c3fdc3438625335a05080f6e347bf6ff29910d2ff35b2aa02d4d5
-
SHA512
2f872cd65df657e420c8d47e4b9ef2919ecc4b8170855751f8b26faec02fe59df949cb9c3306327250911292d52261a1a28970c2ba41044e47e4f7cb8a3e4467
Static task
static1
Behavioral task
behavioral1
Sample
SKM_C221200706052800.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.destinny.com/s9zh/
paintedinafrica.com
electrumfix.download
edlange.com
tqiawy.xyz
satiscenter.xyz
nc-affiliates.com
agencybuilderforum.com
testabcde.net
venisseturf.net
rubenvdsande.com
nzmatrimony.com
mdthriftsandflips.com
virtualfxstudio.com
communityinsuranceut.com
qqbokep.com
copeva.net
bookedupdaily.com
houstongrowmyairway.com
fortunapublishing.com
empireplumbingandheating.com
globalefactory.com
alfrednelson.com
kernwide.com
soulwaves.info
iregentos.info
emfirstchoice.com
popvoc.com
clubdeproyectos.com
nathanlaube.net
davaresoon.com
girlsnightoutcollection.net
alchemdiagnostics.com
intlgrowcap.com
northeasttnrentalproperties.com
1971265.com
yobingo.ltd
comunityassn.com
pupupe.com
physicianmedspa.com
forestloretour.com
tauntongo.com
elegancescent.com
traumatotrust.com
blkdenim.com
b-taking.com
naturalhealthadvisery.com
fight-box.com
socia1security.net
prestondelnorteapartments.com
peaclbgju.icu
thegolfclubatcirclec.com
westqueenwestlofts.com
elitedesignzink.com
czpeixun.com
blossomenterpriseuganda.com
danettesgifts.com
psikometriums.com
rainbowbanks.com
deshbari.com
movementspecialistslv.com
amkcar.com
contractorsan.com
onurtel.com
dotalogy.com
Targets
-
-
Target
SKM_C221200706052800.exe
-
Size
273KB
-
MD5
3c51788968fa6ed67bde7511b1868b08
-
SHA1
194e63c851406e2ac39ef09d48ab35871e041ccc
-
SHA256
0baedfe6121c3fdc3438625335a05080f6e347bf6ff29910d2ff35b2aa02d4d5
-
SHA512
2f872cd65df657e420c8d47e4b9ef2919ecc4b8170855751f8b26faec02fe59df949cb9c3306327250911292d52261a1a28970c2ba41044e47e4f7cb8a3e4467
-
Xloader Payload
-
Blocklisted process makes network request
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-