General
-
Target
INVOICE20210422990388921.exe
-
Size
927KB
-
Sample
210422-xemt79gx4s
-
MD5
0d1ba315df020e9a09a71fdfcc224e58
-
SHA1
28c5fcd5277f28e6dd902176fe5424253629a569
-
SHA256
80513ce09728ee99387db56c825b6f2ec5ad274f5c90117d25ca822deeb98419
-
SHA512
489793ddf48c2dde19a512c46fc38b5eed16e50ed7d55378635d62887fa5e1b1c38608d13c2903d1a4d3945d46009ad2334a73c56d56198d58ef20f9a45fda4a
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE20210422990388921.exe
Resource
win7v20210408
Malware Config
Extracted
formbook
4.1
http://www.merckcbd.com/dei5/
Targets
-
-
Target
INVOICE20210422990388921.exe
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-