General
Target: 2e2eba416b6ec3efaace0621e8e229d2.exe
Size: 333KB
Sample: 210420-8a6c3qb8b2
MD5: 2e2eba416b6ec3efaace0621e8e229d2
SHA1: c638e91299adc8ff3e0e21120e9417feed819861
SHA256: 398e6661f5ca757d0d7c777a0ed8ca1481b5c2df810008164e1f51deefc2ab48
SHA512: eae1ceb02e8130b507041125c589e4ab2beea7e110abd600029b8f2a42beb6e1c14f0b1c3c4d654d715cf0c4dfe838740a83a09df3d2abbf5b2bd7c919282201
Static task: static1
Behavioral task: behavioral1
Sample: 2e2eba416b6ec3efaace0621e8e229d2.exe
Resource: win7v20210408
Malware Config
Extracted: formbook 4.1
http://www.stepsaudio.com/mjl/
Targets
Target: 2e2eba416b6ec3efaace0621e8e229d2.exe
Size: 333KB
- Formbook Payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext