General
Target: _PI.gz
Size: 692KB
Sample: 210423-edtdv7nr6e
MD5: a51dd9a68a95cdcc18e1fc4c9dd32e80
SHA1: 0fad6b82e2fe7667287f2db60c65ca6e38d95015
SHA256: 5b03193577fcef8a56df4c9a781c91eef18dc3aed4db5b292c03a6deb31ed856
SHA512: 60b82a4d28d847032ee1564e5fdc810a1d1c3e707e0c8092eb07aba90cebd131090e7f002f4829e70b978b1c94371754427675bd82754e3a51d0521844ce10bf
Static task: static1
Behavioral task: behavioral1
Sample: PI.exe
Resource: win7v20210408
Malware Config
Extracted: formbook 4.1
Targets
Target: PI.exe
Size: 893KB
MD5: 2c2689d8df4d2bcfa0ed7ec258dd2995
SHA1: b709bf1f74f0788bf531f6456377de5f11d3cbad
SHA256: 347d1f815da2688725cc8fe7bfa9cc5369800b8d30bcddce7ac4bc6a21f972e7
SHA512: bad3421f762bf2376b9f8414008d8fe427612afcef7b202c31baed0d93e46ef19bcb67696a950438aedb0f4fee491f274fccc1c4d47262e4af60f81ba5e52ee9
- Formbook Payload
- Suspicious use of SetThreadContext