General
Target: ba01df16e4c876e078348fd4479a8fdf.exe
Size: 717KB
Sample: 210504-7pgf2n4cs6
MD5: ba01df16e4c876e078348fd4479a8fdf
SHA1: 6c7f20976d3e7d9bf9f8a410cbc54962d1ef52bb
SHA256: 8353e30c6566795da3e5aa38a22b4707ee895cfa115ffa399cfbe7d57d00f91d
SHA512: 7d828277f9dfd39755b015cb25ee713159c2cf9d812ea938b408e0c21b9004b72d9efa21def95dfa307838db56558fd8e507ad10b887e1ed7ca1219a53e8747c
Static task: static1
Behavioral task: behavioral1
Sample: ba01df16e4c876e078348fd4479a8fdf.exe
Resource: win7v20210410
Malware Config
Extracted: formbook 4.1
http://www.kelurahanpatikidul.xyz/op9s/
Targets
- Formbook Payload
- Suspicious use of SetThreadContext