General
Target: w73FtMA4ZTl9NFm.exe
Size: 762KB
Sample: 210504-r9tfvdgvbe
MD5: ff44bfe6955f4d11f915b4a0b818fc7c
SHA1: 3e094caff011346ad02aeafcb5769a519cf10dc0
SHA256: 929fd55e632471f4f35295e574c6814a3de9662398b7a606e352ecba9c52de7e
SHA512: f4ee80c0bb0bae5532b880ffa704d8d99f06c0c6b3699b95be3e802347345b7cc62251ff16a0a1023303a1a72f987d39be271579652c0364485a82e7e2ab649d
Static task: static1
Behavioral task: behavioral1
Sample: w73FtMA4ZTl9NFm.exe
Resource: win7v20210410
Malware Config
Extracted: formbook 4.1
http://www.naiping8.com/blm/
Targets
Target: w73FtMA4ZTl9NFm.exe
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext