General
Target: PO 15682.rar
Size: 38KB
Sample: 210226-n8vxaq3d16
MD5: abd6e7800fce57588152130bbe6c3d6d
SHA1: 4fa92452b2d3d3b9a44350ad8e7f6a749b5918bc
SHA256: bc6b1b5ae30207710574e2fc475111020061d25f8e39781a3f4cd3902f7c6b3e
SHA512: bde2268f928283bb512754c5a7ec73a7fae9ba4e45b3652a8e0b48c74d23d547b7a19523624b40952c8e86633b4868c55eb7ba1b37c48ad3056f0a886f33d777
Static task: static1
Behavioral task: behavioral1
Sample: PO 15682.exe
Resource: win7v20201028
Malware Config
Extracted: formbook
Targets
Target: PO 15682.exe
Size: 132KB
MD5: 152a5851db0c8cf4e0d70ebdc17ee40f
SHA1: 6f5d834b312bad0742efacf2dc4e1484a9541b40
SHA256: 9433390a8374d47e62017b03c8d949af363e1f1aaa5247a2e320fc611c42f138
SHA512: c28b65148108e09ec8844ef02b8d309a78b9737462dd5ec0bf11817a309d564a810e779e3757d40741712a3a4e0e1bda4f161927876a0500049a3f5bdc40c1af
- Formbook Payload
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext