General
Target: SecuriteInfo.com.W32.AIDetect.malware2.8271.16841
Size: 906KB
Sample: 210419-1jgd98314a
MD5: fc079ff271b7d899595dac726f2a97d3
SHA1: b791868359118a324ca421e53de444b3c20b7b9a
SHA256: 3e57610037924c21124e91f187f11f45e1d1cc44de45a1d965cd29a92d56f450
SHA512: e798b5788568db00f0512f99a607674770d2f249c9f4723faa9f71c0cc128065ac15b69e069951efa64813f6c889acb47b7775a3421c0b89afa252e71a843075
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.AIDetect.malware2.8271.16841.exe
Resource: win7v20210410
Malware Config
Extracted: formbook 4.1
http://www.joomlas123.info/3nop/
Targets
Formbook Payload
Adds policy Run key to start application
Suspicious use of SetThreadContext