General
Target: (G0170-PF3F-20-0260)2T.exe
Size: 913KB
Sample: 210119-5g81l85cgx
MD5: a0a82102cb43369d8f015e6b0ccbc92f
SHA1: f455daf508f31a8c5346a38ac50254aabd8d0e66
SHA256: 4152dfeafe557dc1f2f56dbf30de70914fbfc379c144678588b3629bccf7e905
SHA512: 9911d136c9059944e43030a2133f6124f7621882c419da9cb2538a4e57bcf388161e71514dc58805c6e80ef23cfb7cbd5f857204d5f8fa870a65cacb33e05a16
Static task: static1
Behavioral task: behavioral1
Sample: (G0170-PF3F-20-0260)2T.exe
Resource: win7v20201028
Malware Config
Extracted
Family: formbook
C2: http://www.niket.world/u77/
Domains:
xfzq168.com
bangbroe.com
mickwestband.com
istoeofertas.com
cornerstonecosmetics.com
ycshengquan.com
mercedesbaldo.com
965459.com
wehealasonepinas.com
cbdamic.com
only1weightcontrol.com
bbvqcompass.com
ganni76.com
theartishock.com
asianatofu.com
birkston.com
reidformayor.com
yoonymax.com
radicalcoachsociety.com
fabeaulashspa.com
inpropakistan.com
teslinconsulting.com
bstechstore.com
arshadbistari.com
vancroiis.com
theeducationmachine.com
73gardinerdrive.com
xinwei-ge.com
ojhdmuod.icu
ihad2.com
searko.com
verneglobal.info
robotiguards.com
heroesandhustlers.com
bpicaredot.com
fishbz.com
powerinsulations.com
fixmypaversjax.com
princessi.com
bungeeholster.com
selfisolationnovascotia.com
bonmella.com
thetremontseniorliving.com
firmeses.com
totalknockoutsports.com
bminenow.com
autopressinfo.com
penieljoseph.com
h0usepr0jects.com
puqulair.net
helpingmorepeople.com
francelivetv.xyz
restartrecoveryresidences.com
nusaservices.com
dowtheorycomment.com
tryjoytoday.com
letsgetsunny.com
dolcevasques.com
leadershipcodes.com
beyourownpetbusinesspr.co.uk
aapbk.com
savingbondwizard.com
marketingdestatus.com
ynotb-fly.com
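Two checks a practitioner would want from this report, written here as an added example (it is not part of the sandbox report and not Triage's code): verifying that a file in hand really is the sample by comparing all four reported digests, and turning the flat extracted config into something usable for hunting. The parser assumes the block's layout as shown above (family name, then the entry carrying a scheme and URI path, then bare domains) and embeds only the first few domains as a constructed subset; the full 64-domain list is the one above. Building check-in URLs for every domain relies on Formbook's documented behaviour, not stated on this page, of contacting its decoy domains with the same URI path as the live C2; the `www.` prefix and `http` scheme are taken from the reported C2 entry. Because most of those domains are unrelated legitimate sites, hunt on the path pattern rather than blocking the bare hostnames.

```python
"""Added example (not part of the sandbox report or of Triage's code):
check a candidate file against the digests reported above and turn the
extracted Formbook config into a hunting list."""
import hashlib
from urllib.parse import urlparse

ALGS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report's General section.
REPORTED = {
    "md5": "a0a82102cb43369d8f015e6b0ccbc92f",
    "sha1": "f455daf508f31a8c5346a38ac50254aabd8d0e66",
    "sha256": "4152dfeafe557dc1f2f56dbf30de70914fbfc379c144678588b3629bccf7e905",
    "sha512": "9911d136c9059944e43030a2133f6124f7621882c419da9cb2538a4e57bcf388"
              "161e71514dc58805c6e80ef23cfb7cbd5f857204d5f8fa870a65cacb33e05a16",
}

# Constructed subset: the first entries of the extracted config block above,
# copied verbatim. The full 64-domain list is in the report itself.
CONFIG_TEXT = """\
formbook
http://www.niket.world/u77/
xfzq168.com
bangbroe.com
mickwestband.com
istoeofertas.com
cornerstonecosmetics.com
"""


def digests(data):
    """All four digests of an in-memory blob, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def digests_of_file(path, chunk=1 << 20):
    """Same as digests(), but streamed so a large dropper is not read into RAM at once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def mismatches(actual, expected=REPORTED):
    """Algorithms whose digest differs; an empty set means every reported digest matched.
    Comparing all four also catches a report whose hash was transcribed wrongly."""
    return {alg for alg, want in expected.items()
            if actual.get(alg, "").lower() != want.lower()}


def parse_formbook_config(text):
    """Split the flat config block into family, live C2 and the domain list.

    The live C2 is the one entry carrying a scheme and URI path; the remaining
    entries are bare domains. Formbook contacts those as well (documented
    behaviour, not stated on the page), but most are unrelated legitimate
    sites, so they are kept apart from the C2 and never treated as a block list."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0].lower() != "formbook":
        raise ValueError("not a formbook config block")
    c2 = next((ln for ln in lines[1:] if "://" in ln), None)
    if c2 is None:
        raise ValueError("no C2 URL in config block")
    parsed = urlparse(c2)
    decoys, seen = [], set()
    for ln in lines[1:]:
        if ln == c2:
            continue
        host = ln.lower().rstrip(".")
        if host not in seen:            # de-duplicate, keep report order
            seen.add(host)
            decoys.append(host)
    return {"family": "formbook", "c2": c2, "c2_host": parsed.hostname,
            "c2_path": parsed.path, "decoys": decoys}


def checkin_urls(cfg):
    """Full URLs to hunt for in proxy logs: the C2 plus each decoy with the same
    scheme, 'www.' prefix and path as the reported C2 entry. The path is the
    signal; the bare decoy hostnames alone are not a useful indicator."""
    parsed = urlparse(cfg["c2"])
    www = "www." if parsed.hostname.startswith("www.") else ""
    return [cfg["c2"]] + [f"{parsed.scheme}://{www}{d}{cfg['c2_path']}"
                          for d in cfg["decoys"]]


if __name__ == "__main__":
    import sys
    cfg = parse_formbook_config(CONFIG_TEXT)
    print("C2:", cfg["c2"], "path:", cfg["c2_path"])
    for u in checkin_urls(cfg):
        print("  hunt:", u)
    if len(sys.argv) > 1:            # usage: python3 this.py <candidate file>
        bad = mismatches(digests_of_file(sys.argv[1]))
        print("digests match the report" if not bad else f"mismatch on {sorted(bad)}")
```

Run it with the candidate file as the only argument; an empty mismatch set means the file is the reported sample, while a mismatch on only one algorithm usually points at a transcription error in whichever report you copied the hash from rather than at a different file.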
Targets
Target: (G0170-PF3F-20-0260)2T.exe
Size: 913KB
MD5: a0a82102cb43369d8f015e6b0ccbc92f
SHA1: f455daf508f31a8c5346a38ac50254aabd8d0e66
SHA256: 4152dfeafe557dc1f2f56dbf30de70914fbfc379c144678588b3629bccf7e905
SHA512: 9911d136c9059944e43030a2133f6124f7621882c419da9cb2538a4e57bcf388161e71514dc58805c6e80ef23cfb7cbd5f857204d5f8fa870a65cacb33e05a16
Signatures:
Formbook Payload
Suspicious use of SetThreadContext