General
-
Target
CONTRACT AGREEMENT.exe
-
Size
922KB
-
Sample
210422-gbbwm59lae
-
MD5
8c4ef77f2188376d18585f302cf246f8
-
SHA1
dddb03519e45d1674c2c5c703113d63741c30c95
-
SHA256
c4694ce810c06b60cd032b8ff67964924a0c273a81f8ca5ce55064cf9fb6ec0a
-
SHA512
e57624896f71e832353129a9de073673e211c0904fcd61d0172a08487582f0e649c831c1465e6837cb0a84580a721680a8553ad563d80f7c0123049deee1431a
Static task
static1
Behavioral task
behavioral1
Sample
CONTRACT AGREEMENT.exe
Resource
win7v20210410
Malware Config
Extracted
formbook
4.1
http://www.middlehambooks.com/klf/
podcastyourvote.com
northernlsx.com
guide4idiots.com
artebythesea.com
sapanyc.com
livinoutthedreamsco.com
thepowersinyou.com
protocolmodern.com
holdergear.com
betteringthehumanexperience.xyz
agnostec.com
royermaldonado.com
wealthtruckingco.com
artcode-software.com
microsoftpods.com
identityofplace.com
algoritas.com
grandpaurbanfarm.net
zahidibr.com
flawlessdrinking.com
amymako.com
tinymodeldiana.com
restoremyorigin.com
gyrostoyou.com
boiler-portal.com
aprilmarieclaire.com
midollan.com
finestfaux.com
lownak.com
okque.com
woodandresin.club
benficalovers.com
fangyu5827.com
tententacleshydro.com
oouuweee.com
sgsnit.com
fairisnotfair.com
shpwmy.com
238olive.com
4515a.com
frontrangetechnologies.com
v-travelclub.com
supportserverhotline23.info
snowandmotion.com
colinboycemp.net
yowoit.com
neopivot.com
singlebarrel.net
esdras-almeida.com
contecoliving.com
doctorsdietgulfport.com
issue72-paypal.com
pubgfrut.com
constipationhub.com
themodernspiritualgoddess.com
qzhongkong.com
bizcert360.com
nashvillegems.com
barryteeling.com
wzocflfor.com
mirrorsmarbella.com
nyariorganics.com
packtmall.com
100973671.review
Targets
-
-
Target
CONTRACT AGREEMENT.exe
-
Size
922KB
-
MD5
8c4ef77f2188376d18585f302cf246f8
-
SHA1
dddb03519e45d1674c2c5c703113d63741c30c95
-
SHA256
c4694ce810c06b60cd032b8ff67964924a0c273a81f8ca5ce55064cf9fb6ec0a
-
SHA512
e57624896f71e832353129a9de073673e211c0904fcd61d0172a08487582f0e649c831c1465e6837cb0a84580a721680a8553ad563d80f7c0123049deee1431a
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-