General
Target: PO#560.zip.exe
Size: 913KB
Sample: 210408-f2hzc2r8bj
MD5: 225f5938273f006356fd813e46e3fcef
SHA1: 347cd34fd095ae8f843ee436dde5043bba8fb192
SHA256: 69a395d24a3536ef7698ae036596bed55856d4777356946f498faec3f1395f8d
SHA512: a6b9d13ea56e7e22abb484de6c4d5b53b7dc645e23327c9b45d20ce872408d3a9c9c93bdf540e39dd3c4a0206f7fc5008edff5787fad1b2674ebe3e060bbfb9c
Static task: static1
Behavioral task: behavioral1
Sample: PO#560.zip.exe
Resource: win7v20201028
Malware Config
Extracted: formbook 4.1
http://www.talllensphotography.com/md5/
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext