General
- Target: Sales_Order description.exe
- Size: 476KB
- Sample: 210408-zpjhykgb2x
- MD5: 9cf418b47ac9b4039e9d2f3073b525f0
- SHA1: 1cbd1fe3fcba287ccc7b1518e6da52918a1edda0
- SHA256: 9c6abdf1e5ff719e261ea153555b981cd907ba5f79f50943d679d59967eba445
- SHA512: c5c5c0d190db2437039681746ce3d9e84666d6d660d86ec7e8ad3d8676e6b4bc32405b7fc6fadb025b3ed0a6555536be10a7015fcd3838226099e5b2da6df928
Static task: static1
Behavioral task: behavioral1
- Sample: Sales_Order description.exe
- Resource: win7v20201028
Malware Config
Extracted: formbook 4.1
http://www.discorddeno.land/suod/
casirivimab.info
johnvogia.com
lzdafang.com
tarihmarketi.com
singalongpress.com
three60farms.com
websky.pro
jacketsmecca.com
magentos6.com
brooksideseniorapts.com
onewhistleandflags.com
naturopathe-valdoise-france.com
reflexmem.com
kurumsalpanel.com
bhuwarecruitment.com
exponentialhealth.online
posttensionrepairs.com
prbrokerllc.com
aashealthcarestaffing.com
pubgeventcenter.com
nashvilleluxuryrealty.com
okaygay.com
elizabethtatumphotog.com
saanvicreation.com
siouxfallsart.com
links-dentu.com
aitepizza.com
aguacatedemexico.com
59kaixin.com
dyatag.com
407wg.com
hustlrrrs.com
dreambux.online
alkolikoli.com
cabianca.net
dggdn.com
thebridgerealtygroup.com
concreteone.info
irawpowder.com
uu365ww.com
tattooankara.com
mobileshopmanager.com
bykarlisromero.com
mehmeterdas.com
prodezzadesign.com
mothersontex.com
ceim-recruit-sk.info
huayonlinewinner.com
xiongzhuai.com
peoplehrgroup.com
rasamrise.com
craftsmanwork.com
mysidewalkshops.com
infinity-gps.com
groentenenfruitbale.site
patricktourandtransfer.com
essexcomputing.co.uk
cafelongvu.com
annecy-taxi.com
iirinc.com
baileyscuppacrew.co.uk
1simpledrop.com
manicomzaley.com
rentlondonapartment.com
Targets
- Target: Sales_Order description.exe
- Size: 476KB
- MD5: 9cf418b47ac9b4039e9d2f3073b525f0
- SHA1: 1cbd1fe3fcba287ccc7b1518e6da52918a1edda0
- SHA256: 9c6abdf1e5ff719e261ea153555b981cd907ba5f79f50943d679d59967eba445
- SHA512: c5c5c0d190db2437039681746ce3d9e84666d6d660d86ec7e8ad3d8676e6b4bc32405b7fc6fadb025b3ed0a6555536be10a7015fcd3838226099e5b2da6df928
Signatures
- Formbook Payload
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext