General
-
Target
Statement for T10495 - 18-01-21 15-23.jar
-
Size
1.0MB
-
Sample
210119-ecvz7lm2g2
-
MD5
861c4a96a8f31a1f21b26ef6fd58e531
-
SHA1
d4e3c6efd37ad7d95c642528ec28ad2c733ca42a
-
SHA256
399638eeb199d1bbe7158c2f6864cc96697a0079e944518c71b0874a0811a360
-
SHA512
388ec18a8c30be9fa39c32e2dd08934dbbb3e1003963da7aaed9e478c554742eb315ed893e4da3e7d29fbe6f89bb4f0c988dfce4aa8ee659c4fad29d7f192700
Static task
static1
Behavioral task
behavioral1
Sample
Statement for T10495 - 18-01-21 15-23.jar
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.dmvantalya.com/bnuw/
Targets
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-