General
- Target: Revised Invoice No CU 7035.exe
- Size: 469KB
- Sample: 210408-4dqlfwgjpe
- MD5: a0b32e96914dfe7d50cc7a56d4939c2f
- SHA1: 3b3033ac851d71711ea10b263cf2b398833316b7
- SHA256: 2e10edfbe7c4a7c9220db55d3c6f921262366908277a5483ff0faf5579e194f4
- SHA512: ee8f0b1dfefb45ab7188b4bb60bb175a2a71ad58fa1083059f98d81a54d7ec03a63fb0ab9f1897f2d8c9224468a9230b8acb936ac82d54c743e72eab5480508a
Static task: static1
Behavioral task: behavioral1
- Sample: Revised Invoice No CU 7035.exe
- Resource: win7v20201028

Malware Config
Extracted: formbook 4.1
http://www.the-techs.info/chue/
wowmovies.today
magentos6.com
bi-nav.com
atlantahawks.sucks
wluabjy.icu
kevableinsights.com
lavidaenaustralia.com
stonermadeapparel.net
sondein.com
cirquedusoleilartist.com
kanjitem.com
tomofalltrades.site
mecanico.guru
tech2020s.com
amesoneco.com
theawfulliar.com
californiaadugurus.com
rentalservicesolutions.com
fsxbhd.club
casino-seo.com
asknesto.com
get-rangextd.com
gkwill.com
juliegiles.net
pagosafreedom.com
wbpossiblellc.com
fhjfyutotyhfse.com
sexshopsatelite.com
shellykraftlaw.com
motherhenscoop.com
mboklanjar.com
redwoodcityswing.com
haier-mz.com
metalinjectionltd.asia
franquiaoriginal.com
mcronaldfood.com
mobilegymconcierge.com
haifu168.com
apeiro.life
thejosephnashvilletn.com
bensbrickstore.com
sanctumwell.com
beanexthomie.com
stylazhaircare.com
jordanvanvleet.com
jdwx400.com
francescoricco.com
gameshowsatschool.com
alqymist-monaco.com
infinitysportsmassage.com
algorithmrecruitment.com
tanyasubatang.com
impressivebackyard.com
wwwgocashwire.com
visual-pioneers.net
thememo-mobilebar.com
wagner-fahrschulegmbh.com
minterfortexas.com
codelopers.com
inyarsb.icu
ravenlightproductions.com
germiblock.com
coutinhoefelipeadv.com
diegobr1307.life
Targets
- Target: Revised Invoice No CU 7035.exe
- Size: 469KB
- MD5: a0b32e96914dfe7d50cc7a56d4939c2f
- SHA1: 3b3033ac851d71711ea10b263cf2b398833316b7
- SHA256: 2e10edfbe7c4a7c9220db55d3c6f921262366908277a5483ff0faf5579e194f4
- SHA512: ee8f0b1dfefb45ab7188b4bb60bb175a2a71ad58fa1083059f98d81a54d7ec03a63fb0ab9f1897f2d8c9224468a9230b8acb936ac82d54c743e72eab5480508a

Signatures
- Formbook Payload
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext