General
-
Target
insz.exe
-
Size
209KB
-
Sample
210119-r25nts2gma
-
MD5
394f9f303f2a0039f204a23c0a5ad1a7
-
SHA1
a84f6b731446c79f491292a46133087825cdc0ca
-
SHA256
ca035ce2804aff96e07142ecb344766e2fca568af3b5b01f60d7886225d7cd49
-
SHA512
ca16a81380c60f0e705e089bfaed815b0a050b4bbadbea1a54332f816a4cfb5535d86f86c93a865d84747e7a32c73193658b6ea5ec72d44cf915b519f6f9af21
Static task
static1
Behavioral task
behavioral1
Sample
insz.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.nationshiphop.com/hko6/
apartmentsineverettwa.com
forritcu.net
hotroodes.com
skinnerttc.com
royaltrustmyanmar.com
adreslog.com
kaysbridalboutiques.com
multitask-improvements.com
geniiforum.com
smarthomehatinh.asia
banglikeaboss.com
javlover.club
affiliateclubindia.com
mycapecoralhomevalue.com
comparamuebles.online
newrochellenissan.com
nairobi-paris.com
fwk.xyz
downdepot.com
nextgenmemorabilia.com
achonabu.com
stevebana.xyz
jacmkt.com
weownthenight187.com
divshop.pro
wewearceylon.com
skyreadymix.net
jaffacorner.com
bakerlibra.icu
femalecoliving.com
best20banks.com
millcityloam.com
signature-office.com
qlifepharmacy.com
dextermind.net
fittcycleacademy.com
davidoff.sucks
1033393.com
tutorsboulder.com
bonicc.com
goodberryjuice.com
zhaowulu.com
teryaq.media
a-zsolutionsllc.com
bitcoincandy.xyz
cfmfair.com
annefontain.com
princesssexyluxwear.com
prodigybrushes.com
zzhqp.com
hwcailing.com
translatiions.com
azery.site
wy1917.com
ringohouse.info
chartershome.com
thongtinhay.net
2201virginiacondo5.com
laurieryork.net
mujeresnegociantes.com
anchoriaswimwear.com
michaelsala.com
esdeportebici.com
ninjitsoo.com
Targets
-
-
Target
insz.exe
-
Size
209KB
-
MD5
394f9f303f2a0039f204a23c0a5ad1a7
-
SHA1
a84f6b731446c79f491292a46133087825cdc0ca
-
SHA256
ca035ce2804aff96e07142ecb344766e2fca568af3b5b01f60d7886225d7cd49
-
SHA512
ca16a81380c60f0e705e089bfaed815b0a050b4bbadbea1a54332f816a4cfb5535d86f86c93a865d84747e7a32c73193658b6ea5ec72d44cf915b519f6f9af21
-
Formbook Payload
-
Suspicious use of SetThreadContext
-