General
Target: Request for Quotation.exe
Size: 500KB
Sample: 210226-q82lpvw9cn
MD5: 1d9fd84bc6eaa80b160bd313750f6ff5
SHA1: 011e1975d6cb6a567ad3fed83d59310728bd9227
SHA256: 1df6109d033a42d97b34133e69afc0da679586b85b6614b034ebfd9343062d20
SHA512: d66d0a83284f6f21e711c3d62bcd280042d6a50125dc410b4c79d6f6dba7be5b6bd628fb21e6491b2bb291770f6d1c3951257e948dcbbb587e397fc75296a8da
Static task: static1
Behavioral task: behavioral1
Sample: Request for Quotation.exe
Resource: win7v20201028
Malware Config
Extracted: formbook
http://www.fptableau.com/u3q/
wingenomics.com
malwaredeepdive.com
uvdxkup.icu
safeweb-url624.com
lighthousetan.com
liumeilin.com
thaiexpressnyc.com
primedperspective.com
georgekwalker.com
purelife-gt.com
theboseproject.com
moralalaska.icu
anthonysoflittleitaly.com
talahadavi.com
waterbrooksacademy.com
aluneaproaieauayauwpalaua.com
mytshirtforlife.com
penerbitlayung.com
chainslugs.com
bhbgsc.com
blessux.com
jacqueselegantbling.jewelry
nautradio.com
taolife365.com
dreamteammortage.com
starboardvalueac.com
konstantiuk.com
plataformamultireweb-1bn.xyz
prime-deliveries19.com
articulationcrew.com
xdtee.com
collegeadmissions.xyz
diabetesdirective.com
rgyabogadas.com
getxpro.com
hydrogrowlife.com
confirmacionesrfea.com
caleighsmacarons.com
swiftnearby.com
timliadiwasi.com
odonyenicoleboutique.com
mydomainaccounts.com
dietanutricional.com
agilecoaching30.com
carbeloy.com
coinflip259.com
jsinekovo.com
carazone.com
huaweilabs.com
bestsonomahomesearch.com
myproductteam.com
amct-tony.com
thecleanstones.com
gunrangesonline.com
njywy.com
aboutourwellness.com
futebolpleyhd.com
devotedfootwear.com
parkpatent.com
pqlon.com
commercialinsuranceclaims.guru
conjureandcharm.com
greenracksolar.com
gwtguardwell.com
Targets
Target: Request for Quotation.exe
Size: 500KB
MD5: 1d9fd84bc6eaa80b160bd313750f6ff5
SHA1: 011e1975d6cb6a567ad3fed83d59310728bd9227
SHA256: 1df6109d033a42d97b34133e69afc0da679586b85b6614b034ebfd9343062d20
SHA512: d66d0a83284f6f21e711c3d62bcd280042d6a50125dc410b4c79d6f6dba7be5b6bd628fb21e6491b2bb291770f6d1c3951257e948dcbbb587e397fc75296a8da
- Beds Protector Packer: Detects Beds Protector packer used to load .NET malware.
- Formbook Payload
- Suspicious use of SetThreadContext