General
Target: HEALTH CERTIFICATES.pdf.arj
Size: 191KB
Sample: 210225-3mk83yngb2
MD5: 38d3759f011f2c27be8b0c6e7be5a1cd
SHA1: 8da450c5280e0ab541c079d76463b6f8a6195bbc
SHA256: d9974ec866f729267a570ae5faaf7e43af8162d338cb9a5f40e6f827f0f7840e
SHA512: 7990f550cb20cae0009fc120f02b71dc35f90839cfd53f74f88904c2fbed509942382f66f127989706e7235df57e1dafff86ec2eec309e174f2514acff816c3d
Static task: static1
Behavioral task: behavioral1
Sample: HEALTH CERTIFICATES_pdf.exe
Resource: win7v20201028
Malware Config
Extracted: formbook
http://www.rayyanu.com/cu6o/
gardeniabotanics.com
millionairenursesociety.com
moronimatteo.com
856379910.xyz
grigparis.com
sensifeet.com
easyhomediytech.com
code2coffee.com
hallowsevecandles.com
lanyardsbylexi.com
polugroup.com
esporaurbana.com
15tothecity.com
confidentplans.com
myecosupply.com
digigro.net
dividend.zone
socialcapitalllc.com
dlpm104.com
espressdelivery.com
giftersjourney.net
gabyworkshop.com
bobdj8.com
urgencebeirut.net
terracare-leather.com
eefi.finance
naturallyscare.com
npcasino.com
financialblueprint101.com
xp263.com
elidesignstudio.com
casasydepartamentosiv.com
ambitiousonlineeducator.com
mymicrocell.com
jimboy.asia
tonerscartridge.com
gumboprivacy.com
digitaljg.com
cantontutors.com
coronaschuldenzaezurgesetz.info
vtnywvebk.club
thepurechemist.com
theifyshow.com
becaku.com
colganmusic.com
7416shadylane.com
dexterdametamoros.com
suenail.com
dailytrunkdesign.com
chaing-list.xyz
evo-cb.com
solarpackingmachine.com
skiptrace.online
gmalud.com
premierfashionstyle.com
allblacksperformance.club
windblowncamping.com
terapiademuerdago.com
reachhub.net
devfestindia.com
susannekamalieh.com
freehomerenovations.com
aacilotoparca.com
wheretobuyfacemasksincanada.com
Targets
Target: HEALTH CERTIFICATES_pdf.exe
Size: 206KB
MD5: 5fd5c091e2aabd5cd2b9d56636a86161
SHA1: 8a962bb871975c8d4c640efc80950e06aeebaf8e
SHA256: 7d70c24a55c87142f1adf402fb8d521ca6b3473c86e31119fdd7f538af2f9c8c
SHA512: 8483a93b772eaf64322d65b77c2001993df79508a33d74d82b8d76ff1ad27706b2e1df0ad478902d28fc72ecef345b0a30fd344823d4701c0af75181e10e60db
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
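As an added example (not part of the sandbox report or the sandbox's own tooling), the following Python turns the extracted Formbook config and the two SHA-256 hashes above into a checkable IOC set. It assumes, as is usual for Formbook/Xloader configs, that the single URL is the real C2 endpoint and the bare hostnames are decoys the bot also contacts; only a few of the decoy domains are reproduced, and the proxy-log lines and the Suricata rule template are constructed for illustration.

```python
"""Build an IOC set from the sandbox report's extracted Formbook config.

Added example, not the sandbox's own code.  The C2 URL, decoy hostnames and
SHA-256 values are copied from the report; the C2-versus-decoy split follows
the usual Formbook/Xloader config layout (one URL carrying the C2 path,
followed by decoy hostnames).  Log lines and the Suricata rule are constructed.
"""

import hashlib
from urllib.parse import urlsplit

# Extracted config from the report (decoy list truncated; full list is above).
EXTRACTED_CONFIG = [
    "http://www.rayyanu.com/cu6o/",
    "gardeniabotanics.com",
    "millionairenursesociety.com",
    "moronimatteo.com",
    "856379910.xyz",
    "grigparis.com",
    "sensifeet.com",
]

# SHA-256 hashes from the report, mapped to the file they belong to.
KNOWN_SHA256 = {
    "d9974ec866f729267a570ae5faaf7e43af8162d338cb9a5f40e6f827f0f7840e": "HEALTH CERTIFICATES.pdf.arj",
    "7d70c24a55c87142f1adf402fb8d521ca6b3473c86e31119fdd7f538af2f9c8c": "HEALTH CERTIFICATES_pdf.exe",
}


def split_config(entries):
    """Return (c2_host, c2_path, decoy_set) from a Formbook-style config list.

    Assumption: exactly one entry is a full URL (the C2); the rest are decoys."""
    urls = [e for e in entries if "://" in e]
    if len(urls) != 1:
        raise ValueError("expected exactly one C2 URL in the extracted config")
    parts = urlsplit(urls[0])
    decoys = {e.strip().lower().rstrip(".") for e in entries if "://" not in e}
    return parts.hostname.lower(), parts.path, decoys


C2_HOST, C2_PATH, DECOYS = split_config(EXTRACTED_CONFIG)


def _host_matches(host, indicator):
    """True if host equals the indicator or is a subdomain of it (label-wise)."""
    host = host.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)


def classify_request(host, path="/"):
    """Classify an observed HTTP request against the extracted config.

    Returns "c2" when both host and URI path match the real C2, "decoy" for
    traffic to a decoy hostname (Formbook sends the same path to decoys), or
    None when nothing matches."""
    if _host_matches(host, C2_HOST) and path.startswith(C2_PATH):
        return "c2"
    for decoy in DECOYS:
        if _host_matches(host, decoy):
            return "decoy"
    return None


def sha256_of(data: bytes) -> str:
    """SHA-256 hex digest of file contents, for comparison with the report."""
    return hashlib.sha256(data).hexdigest()


def classify_sha256(hexdigest):
    """Return the report's file name for a known SHA-256, else None."""
    return KNOWN_SHA256.get(hexdigest.lower())


def suricata_rule(sid=1000001):
    """Constructed Suricata rule (sticky-buffer syntax) for the C2 host and path."""
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any ("
        f'msg:"Formbook C2 {C2_HOST}{C2_PATH}"; flow:established,to_server; '
        f'http.host; content:"{C2_HOST}"; http.uri; content:"{C2_PATH}"; startswith; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


def scan_proxy_log(lines):
    """Scan constructed proxy-log lines of the form 'host path'; tally C2/decoy hits."""
    hits = {"c2": [], "decoy": []}
    for line in lines:
        host, _, path = line.partition(" ")
        verdict = classify_request(host, path or "/")
        if verdict:
            hits[verdict].append(line)
    return hits


if __name__ == "__main__":
    sample_log = [  # constructed, not from the report
        "www.rayyanu.com /cu6o/?id=abc",
        "www.gardeniabotanics.com /cu6o/",
        "example.com /index.html",
    ]
    print(scan_proxy_log(sample_log))
    print(suricata_rule())
```

Decoy hits are reported separately from the real C2 because a Formbook infection produces both: the decoy requests confirm the infection but are not the exfiltration channel, so blocking or alerting only on `www.rayyanu.com` would miss hosts whose traffic happened to be captured only during a decoy cycle.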