General
Target: LPO PRECISION MESHES 2352104321QQ.pdf.r11
Size: 643KB
Sample: 210421-4r2tkafw6n
MD5: 740d0fb7a4addd333ba056dea2fabf3a
SHA1: 9dde95ffbe7b47ba93be7a563412c9d29ff5ccc9
SHA256: 528af553a32a89601588f39b35e8b2714cd479bc47648b007a564136485e3e0e
SHA512: 80d29b6c8253e09fc98f4c1f929c1abdad65103a3a5cfd65b5b7d52d3d72ef90728961fb25c59ae044588725b93ab7827ea7aa2b39ac1d0ddd245870a2342441
Static task: static1
Behavioral task: behavioral1
Sample: LPO PRECISION MESHES 2352104321QQ.pdf.exe
Resource: win7v20210408
Malware Config
Extracted
formbook
4.1
http://www.magnumopuspro.com/nyr/
Targets
Target: LPO PRECISION MESHES 2352104321QQ.pdf.exe
Size: 926KB
MD5: 23420e3ded198412f33ffa460e601764
SHA1: 326f1bb9ea091b0e8d58852512ee08bed517c64b
SHA256: dd2e58b3398ea6d274ba7f993a66cd67fbb2654f73012763f50b309c8b56df38
SHA512: d7d4ba9b58142d75eba44533d0218eb179d4b9492f2c49ab8a5bad23e96330766cf59ed4394fb7f59d1f20385adb0e949015406f40f4677ef06f5d882a59668b
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext