General
Target: BL copy order nr. 1054-21.exe
Size: 1.1MB
Sample: 210119-5ljy8p5mz6
MD5: 27ce7deb2528e3f77342c372f8789fed
SHA1: 6d22d76fc1b7728d0f2065aca472f8c20bcd08bc
SHA256: 5c7b804890877a7a9da085d878b0fc1a444aa1b75965e16beab74c978fab6079
SHA512: ba1ac8a35be56c4ee1ca2ab00082d33891184af1d5a9e97711aa92733a95adfaaa5f161de6868bbdb3dcc9fed0f71f32fcf71e3691f83cdb85c23fba7f502b0d
Static task: static1
Behavioral task: behavioral1
Sample: BL copy order nr. 1054-21.exe
Resource: win7v20201028
Malware Config
Extracted: formbook (C2 URL and decoy domain list extracted from the sample's configuration)
Targets
Target: BL copy order nr. 1054-21.exe (size and hashes as listed under General above)
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext