General
Target: GZocMWoCzL3Rd62.exe
Size: 776KB
Sample: 210508-1zje7e5z4j
MD5: 7fa5e34cdc678f80f7086dae5da6c932
SHA1: 17a328e171beeaeb9cbf2c6fae4d1767c4f859bf
SHA256: de96d53592393fa5cd5dc6ed2d8d9430245ac083643591b6f060a4efc2e044d6
SHA512: e45190526be45344626a8cc4d769118927f3eab017e3a631c5d9dd34a8fbdcdce4719f54704cfef10b91980e83a667c09178b366ac48b6d4f1ceecac832ce017
Static task: static1
Behavioral task: behavioral1
Sample: GZocMWoCzL3Rd62.exe
Resource: win7v20210410
Malware Config
Extracted family: formbook
Version: 4.1
C2: http://www.itoatoapparel.com/hfg/
Decoy domains (64): Formbook sends traffic to a selection of these alongside its real C2, so a hit on a decoy alone is a weaker signal than a hit on the C2 host and path; many decoys are legitimate sites, so block them with care.
0nqcaw.com
seamtube.com
chinachongren.com
shop-deinen-deal.com
socialmediabutler.net
careerenabler.net
trumpmasksshop.com
theopulencegroups.com
meshfacilities.com
sedaifu.com
ahesitanttraveler.com
xn--nbkvf9b5bzfx438ch6sa.com
iqrafootwearbd.com
akurasushinewyorkny.com
paginasny.com
www7shire.com
frenchyoutlet.com
lw14.com
nmdetransports.net
advjuniorconsultoria.com
microsoftdynamicsgroup.com
tuila.online
snapfinance-vip.com
melodiestreety.com
sepulcrovacio.com
corsgrupo.com
lavenso.net
bedbudandbeyond.net
grantsawinganddrilling.com
szhuayingt.com
lacuevazaragoza.com
msmommycaribbeanmarket.com
azaleafitch.net
hdfreeunlinited.com
cardiologianordelta.com
3in1toothfairy.com
xfsdgy.com
true92essentials.com
devis-danseuse-bresilienne.com
helpinghandsrecoveryaz.com
yngygcgs.com
arkavion.com
superteamexpansion.com
pintax.info
rainbowswim.net
webtinchap.com
projecteutopia.com
leuwvwgwvw.net
smithmountainrentals.com
economicimpactanalysis.com
lifeclub.pro
pitchforprofits.com
chaytel.com
akhlaghnews.com
xn--1-vr6ek4e.com
revicadsolutions.com
nuitek.com
bootersatlanta.com
yapasphoto.online
quant-china.xyz
xn--7dv6eu89e.com
diecasttalk.com
bracebaby.com
sonderbach.net
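The extracted config above is most useful once it is turned into matchers and run over your own telemetry. The following is an added example (not part of the sandbox report, and not Formbook or tria.ge code) that takes the C2 URL and a subset of the decoy domains from this page, matches DNS and proxy log lines against them, and checks a file's hashes against the ones listed for the sample. The log lines, their format, and the function names are constructed for illustration.

```python
"""Build IOC matchers from the Formbook config above and run them over constructed logs."""
import hashlib
import re
from urllib.parse import urlsplit

# Constructed from the report above; only a subset of the 64 decoys is kept for brevity.
FORMBOOK_CONFIG = {
    "family": "formbook",
    "version": "4.1",
    "c2": "http://www.itoatoapparel.com/hfg/",
    "decoys": [
        "0nqcaw.com",
        "seamtube.com",
        "xn--nbkvf9b5bzfx438ch6sa.com",  # IDN decoy; logs usually carry the punycode form
        "microsoftdynamicsgroup.com",
        "snapfinance-vip.com",
        "sonderbach.net",
    ],
}

# Hashes of the sample as listed in the report.
SAMPLE_HASHES = {
    "md5": "7fa5e34cdc678f80f7086dae5da6c932",
    "sha1": "17a328e171beeaeb9cbf2c6fae4d1767c4f859bf",
    "sha256": "de96d53592393fa5cd5dc6ed2d8d9430245ac083643591b6f060a4efc2e044d6",
}

# Constructed log formats (hypothetical): "<ts> <client> query <type> <name>" and
# "<ts> <client> <METHOD> <url> <status>".
DNS_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$")
PROXY_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d+)$")


def watch_domains(config):
    """Domains to alert on: every decoy plus the C2 host, also without a leading 'www.'."""
    c2_host = urlsplit(config["c2"]).hostname.lower()
    watch = {d.lower().rstrip(".") for d in config["decoys"]}
    watch.add(c2_host)
    if c2_host.startswith("www."):
        watch.add(c2_host[4:])
    return watch


def host_matches(host, watch):
    """True if host equals a watched domain or is a subdomain of one (not a bare suffix match)."""
    host = host.lower().rstrip(".")
    return any(host == w or host.endswith("." + w) for w in watch)


def c2_path_prefix(config):
    """Path component of the configured C2 URL ('/hfg/' for this sample)."""
    return urlsplit(config["c2"]).path


def scan_dns(lines, config):
    """Return (client, qname) for every DNS query to a watched domain."""
    watch = watch_domains(config)
    hits = []
    for line in lines:
        m = DNS_LINE.match(line)
        if m and host_matches(m["qname"], watch):
            hits.append((m["client"], m["qname"]))
    return hits


def scan_proxy(lines, config):
    """Return (client, host, reason); 'c2-path' when the request also uses the C2 path."""
    watch = watch_domains(config)
    path = c2_path_prefix(config)
    hits = []
    for line in lines:
        m = PROXY_LINE.match(line)
        if not m:
            continue
        u = urlsplit(m["url"])
        if u.hostname and host_matches(u.hostname, watch):
            reason = "c2-path" if u.path.startswith(path) else "domain"
            hits.append((m["client"], u.hostname, reason))
    return hits


def check_sample(data, expected=SAMPLE_HASHES):
    """Compare the hashes of a file's bytes with the report; returns {algorithm: matched}."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest for algo, digest in expected.items()}


# Constructed log lines for illustration (not taken from the sandbox run).
DNS_LOG = [
    "2021-05-08T21:13:02Z 10.0.0.5 query A www.itoatoapparel.com",
    "2021-05-08T21:13:02Z 10.0.0.5 query A www.seamtube.com",
    "2021-05-08T21:13:03Z 10.0.0.5 query A xn--nbkvf9b5bzfx438ch6sa.com",
    "2021-05-08T21:13:04Z 10.0.0.7 query A notseamtube.com",
    "2021-05-08T21:13:05Z 10.0.0.7 query AAAA update.microsoft.com",
]
PROXY_LOG = [
    "2021-05-08T21:13:06Z 10.0.0.5 GET http://www.itoatoapparel.com/hfg/ 404",
    "2021-05-08T21:13:07Z 10.0.0.5 POST http://www.sonderbach.net/hfg/ 200",
    "2021-05-08T21:13:08Z 10.0.0.9 GET http://example.com/hfg/ 200",
    "2021-05-08T21:13:09Z 10.0.0.9 GET http://snapfinance-vip.com/index.html 200",
]

if __name__ == "__main__":
    for hit in scan_dns(DNS_LOG, FORMBOOK_CONFIG):
        print("DNS  ", *hit)
    for hit in scan_proxy(PROXY_LOG, FORMBOOK_CONFIG):
        print("PROXY", *hit)
    print(check_sample(b"not the sample"))
```

Note that a request to `/hfg/` on an unwatched host (the `example.com` line) is deliberately not flagged: the path alone is too generic, so the matcher requires a watched domain and only uses the path to raise the hit from "domain" to "c2-path". `notseamtube.com` is likewise excluded because matching is on domain boundaries rather than string suffixes.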
Targets
Target: GZocMWoCzL3Rd62.exe
Size: 776KB
MD5: 7fa5e34cdc678f80f7086dae5da6c932
SHA1: 17a328e171beeaeb9cbf2c6fae4d1767c4f859bf
SHA256: de96d53592393fa5cd5dc6ed2d8d9430245ac083643591b6f060a4efc2e044d6
SHA512: e45190526be45344626a8cc4d769118927f3eab017e3a631c5d9dd34a8fbdcdce4719f54704cfef10b91980e83a667c09178b366ac48b6d4f1ceecac832ce017
Signatures:
Formbook Payload (the sample carries a Formbook payload; its configuration is the one extracted above)
Deletes itself (the executable removes its own file after running, so keep the original sample rather than expecting to recover it from an infected host's disk)
Suspicious use of SetThreadContext (an API that redirects a thread's execution; its use from a non-debugger process is typical of process hollowing and similar code-injection techniques)