General
Target: Shipment Document BL,INV and packing list.ace
Size: 358KB
Sample: 210226-agxarav9px
MD5: f1599b7270d33a5132a8f75461337d92
SHA1: b3d5af008fbf8c5e0a0b6d956bc33c79c927e5ae
SHA256: dc56f8319fd0bd85861ba6a623824a84c84a230edfb7234ea47bb90845da48ef
SHA512: c17352aa82234cdd34cd91a54a0a8c30ee433c3c4c531c33a53613f9f227271c745b3302b9e1c51d44daaf15d7f9e220c946f13678d57e6994cfc9043373747f
Static task: static1
Behavioral task: behavioral1
Sample: Shipment Document BL,INV and packing list.exe
Resource: win7v20201028
Malware Config
Extracted
formbook
http://www.webperb.com/nehc/
Targets
Target: Shipment Document BL,INV and packing list.exe
Size: 454KB
MD5: 553cd6156563de1a6bd068761a8b8066
SHA1: bb500d28f113b37cdfa4d09f160a417214188ac2
SHA256: 10d80e3275154e9e39e98d3622a7af4f98a5fd1f0a073839d9e8d670cbd5d3e6
SHA512: 9750b665cf70d9b9000f11edeb26a77d7a0bc8b294aaeb948e51b8abc8239c1801b5b8784bdefef887141e7cda1759263e6e68cf18d1f63432eeb211d63b032b
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext