General
- Target: Payment Slip.exe
- Size: 505KB
- Sample: 210408-5fbybchvl6
- MD5: 2ca388f576c09252531a51474cdf74ae
- SHA1: 2d8f4f340bf642fc0f2565a20ed079cc669e18b3
- SHA256: 4f450fcf02d7006fd4fbea8c2cad999397672d44864f1e8c504633ce53c3d53d
- SHA512: 373f3f9690c9061922ea95ec24c86c87a586125949e1368268b018185be44db6cc273cec9e42821f857b733d9bbe6462e5b8ba37149f577597dcaa33f1f0e791
Static task: static1
Behavioral task: behavioral1
- Sample: Payment Slip.exe
- Resource: win7v20201028
Malware Config
- Extracted: formbook 4.1
Targets
- Target: Payment Slip.exe (size and MD5/SHA1/SHA256/SHA512 as listed under General)
- Formbook Payload
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext