General
Target: Image001.gz
Size: 216KB
Sample: 210420-1p644c9nzx
MD5: 6a9dfc143e74439689cf047f6ac8a6ae
SHA1: 86ee4a64b501f0f746c32488d7c115f5073f765c
SHA256: 7200e6d6b1dd98a190a8624abee4b4af6794c74e7e13b5bbb0a9302ca79b5800
SHA512: 749c92a0ed7c5e07c74654765e9ba1cd1285ed5ff5578b62ea8884d2d5f2d673d7b255780ddb9dd7f767febd68e250c201fe21ba982e7548daa6bcfb496007ca
Static task: static1
Behavioral task: behavioral1
Sample: Image001.exe
Resource: win7v20210410
Malware Config
Extracted
formbook
4.1
http://www.riceandginger.com/fcn/
Targets
Target: Image001.exe
Size: 231KB
MD5: 4ea509c18030b4e71413f2b2bd3b989c
SHA1: 5ba34126a4a502bf6e5305c1e647fcf4a7488677
SHA256: c0ebfff80d42551c1a910f2c7b8c08af384e5ccf49c979b7bf664e6c1b731607
SHA512: 864dfbe7e07fa4fcf15b487b6c41d20aad5c90d56518f305d8eeb2229ca3e28a9728c2ae5ef4e362d10d7f9a93996f0b67b61e8b5e224b89911152fa1a9db518
Formbook Payload
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext