General
-
Target
CONT NO DFSU125310 products list.exe
-
Size
1.0MB
-
Sample
210226-b8dqxqhzes
-
MD5
5a92c96663ac34dd87d73e789c27f610
-
SHA1
46e21943df04f53eb175007c4bff3040619ae50b
-
SHA256
9f38ade8e53d28eef33a81e0559b92b44fa878ae9b61fadd3bb245d33486e2c0
-
SHA512
1bfb7176c5e9eeb2103a36760137fbe773d8b3170842e8e1e92a3b4629b140f93b4804a0198732a71924e0f4514325575310986e8b41805f860f844d01f1ca8a
Static task
static1
Behavioral task
behavioral1
Sample
CONT NO DFSU125310 products list.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.discorddeno.land/suod/
Targets
-
-
Target
CONT NO DFSU125310 products list.exe
-
Formbook Payload
-
Suspicious use of SetThreadContext
-