General
-
Target
f795ec76867aff474785453b182fb227.exe
-
Size
1.4MB
-
Sample
210120-yzk6rpfbvx
-
MD5
f795ec76867aff474785453b182fb227
-
SHA1
5ea17d9e3d7d73867f22984042f2ea9113c4c942
-
SHA256
f78a6375389df1b721be110480efd240f604f51868031e72d88cb7612616fb67
-
SHA512
df110e37d963bb3dd9df72d49f551036a2f87a96cb79b76fefb3a8b90889800e1f0a4be68657663b9099f476d3b7a6bfa4a96518aa7e5baa1c2b9ae346304612
Static task
static1
Behavioral task
behavioral1
Sample
f795ec76867aff474785453b182fb227.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.waverunner-fan.com/pp2/
Targets
-
-
Target
f795ec76867aff474785453b182fb227.exe
-
Formbook Payload
-
Suspicious use of SetThreadContext
-