General
Target: Order Inquiry.exe
Size: 222KB
Sample: 210408-zrdtzkhyg6
MD5: 6664568334aabc380dda1821fdd379d9
SHA1: 8b847d59b54068e0cb5316c1e4f6e5db286d98d9
SHA256: ee0a32169adde722c5652fb40046d8251fa8a89ce615a637ed5708372af0d163
SHA512: cb391712b7c9138cb12bc5f0176ddb7739f25db7e1c4da03b02ba0b68ba0cce00650341230f189fff1f398eab7ac0ac2584d4d171a5f6430c78130dbd6e431fa
Static task: static1
Behavioral task: behavioral1
Sample: Order Inquiry.exe
Resource: win7v20201028
Malware Config
Extracted: formbook 4.1
http://www.c-voyageinc.com/r4ei/
8clintonstreet.com
sherylhotpepperblends.com
eucham.asia
earnestqueen.com
vstexchange.com
theoutofbounds.com
allincursive.com
getgenevieved.com
commonlawpeoplesassembly.net
brideclubstorerastreamento.com
cngelectricaldesign.com
mizmaleather.com
nicolabenge.com
babyboxbuy.com
xaydungquan9.com
hclifechurch.com
cwyxonlp.icu
inocentkidd.com
worldhw.com
soul.exchange
garshbedmi.info
hayratindonesia.com
optimummedical-uk.com
jagocopywriter.com
loandong.com
tnacharters.com
rdj-cpa.com
nklwmb.com
baykusbaskimerkezi.xyz
websiteworlda-z.com
gulumsekoop.xyz
artforthebayarea.com
hkafrfudl.icu
thekhufureign.com
stanfordcodingtutor.com
puoynios.website
saearners.info
epipdfhany.com
cowboycooloutfitters.net
therealrefinery.com
royal-english-academy.com
dante.report
montonvuraeditted.space
webuytampabayhouses.com
phorice.com
juxrams.info
francisboyrd.com
edifice-base.com
shjzly.com
frisdrank.deals
cannajointn.com
dianshi.ink
droneserviceshouston.com
swaymontoya.com
omvvv.com
yourherogarden.net
areenaarora.com
complex-kokukenzyo.com
minyakgelici.com
municipiodeanton.net
opimexico.com
xgame.online
squrl.network
bayleafdenver.info
Targets
Target: Order Inquiry.exe
Size: 222KB
MD5: 6664568334aabc380dda1821fdd379d9
SHA1: 8b847d59b54068e0cb5316c1e4f6e5db286d98d9
SHA256: ee0a32169adde722c5652fb40046d8251fa8a89ce615a637ed5708372af0d163
SHA512: cb391712b7c9138cb12bc5f0176ddb7739f25db7e1c4da03b02ba0b68ba0cce00650341230f189fff1f398eab7ac0ac2584d4d171a5f6430c78130dbd6e431fa
Formbook Payload
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext