General
Target: kayx.exe
Size: 563KB
Sample: 210430-6tswfy43x6
MD5: 129e1d37b93430b4bd894b16c53cd6bc
SHA1: 9ce52826f988b0702ad49e9b1da94f8e3d044c9b
SHA256: 28e0affe70d48a6c6fe89b76dc56c59f93521a4b606dbb6fff60a84d382e9ceb
SHA512: 9639f5982cc0f2a56c8806a56309aa2daf6960d3a1c9bbd0e478198efd51ed425cedbd8f82a6fbe53cb80914f0b3d1ba8f6fd2c9b319b64452dae4937858edd5
Static task: static1
Behavioral task: behavioral1 (sample: kayx.exe, resource: win7v20210410)
Malware Config
Extracted: formbook (version 4.1)
URL: http://www.semenovdmitriik.club/bwk/
Targets
Target: kayx.exe (563KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Formbook Payload
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Suspicious use of SetThreadContext