General
Target: 0b36d66a0df438fbf3bc712b6c55d8aefa42139d4c95b92d7ca72e3cf8dedb7c
Size: 823KB
Sample: 210504-bgvbwrzlh2
MD5: 044b98a3ce8315a0b0cd8e7ebe61f7e0
SHA1: d350a93f2a44ca872e2efba0032eb33490c874c0
SHA256: 0b36d66a0df438fbf3bc712b6c55d8aefa42139d4c95b92d7ca72e3cf8dedb7c
SHA512: 16f686455dda18b7c088dd06d7cbd6ed1efd7dd382f13c7e2fbc76e0d996b1525e8dc32d599fc1ff678661b8c96484196b33b731472134e93b6fceba673d9854
Static task: static1
Behavioral task: behavioral1
Sample: 0b36d66a0df438fbf3bc712b6c55d8aefa42139d4c95b92d7ca72e3cf8dedb7c.exe
Resource: win7v20210408
Malware Config
Extracted: formbook 3.9
http://www.nyoxibwer.com/a8c/
Targets
- Formbook Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext