General
-
Target
Arrival Notice.scr
-
Size
1.0MB
-
Sample
210119-ddfs8fhkn6
-
MD5
4817f2cac71c4d47f1f478d69703db60
-
SHA1
71aaa5e421c5252d4399cacf81a673d84891d1c6
-
SHA256
14ee2894b546ba6d7835ee4dd8e07ef72fb10bfaebec8f1687da4559267cb72e
-
SHA512
efa1e717d902e27ef95f32c73e606798e24dac9c9c612bc6499627fea475fbd06cee4e39fff201bc96f22101ab2acd789b719186bbb6d15f81000a151f1026d0
Static task
static1
Behavioral task
behavioral1
Sample
Arrival Notice.scr
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.thesiromiel.com/kgw/
Targets
-
-
Target
Arrival Notice.scr
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-