General
Target: IMAGE 005667.exe
Size: 774KB
Sample: 210510-slw64tka9j
MD5: e001b88c46b3e8da9380d8e0f5ee879e
SHA1: 450d538f9d57f78075dd5fbf889841d4a0822172
SHA256: d91c6941790f363546482c6dd71f70a1c54cf1e9f4666f4aaca5931d3395593b
SHA512: d574afe8394696528b08c037615cf41a138207e8c653072dd85b31ac47f76dcb56ef692b6a8dd607357b2a6b467d3c5ae2bc65ac54c8cd9d65a3c2b795fdd0ce
Static task
static1
Behavioral task
behavioral1
Sample
IMAGE 005667.exe
Resource
win7v20210408
Malware Config
Extracted
formbook
4.1
http://www.glittergalsboutique.com/8buc/
Targets
-
-
Target
IMAGE 005667.exe
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-