General
Target: 9ea8f0cefae38838925df14a6f2a29d6
Size: 917KB
Sample: 210715-2p7bb9y71x
MD5: 9ea8f0cefae38838925df14a6f2a29d6
SHA1: 39e17f53087911a9d716f7e1d4c93789995de4de
SHA256: 7d46e9015525b4cc3c23cd864847208ec36bad8ddfadb56b672d8c0acbfeae6a
SHA512: e5fb01e53387ae415ff66b091ef6687ae0319d0abb117028c4123e2187488a8252ebeafbc96f5ff135498b10fa622399a4f37bda963cd884a3e517ffe32b7815
Static task: static1
Behavioral task: behavioral1
Sample: 9ea8f0cefae38838925df14a6f2a29d6.exe
Resource: win7v20210408
Malware Config
Extracted family: formbook
Version: 4.1
URL: http://www.survivai.com/bsdd/
Domains:
533dh.com
galerisikayet.xyz
tipsyalligator.com
crystalwellnessstudio.com
moovaap.com
lelfie.network
speedy-trips.com
prospectsolucoes.com
24x7customersservice.com
szbinsen.com
shikhardeals.com
totaldenta.com
ayksjx.com
avxrja.online
24kyule888.com
ufaw.net
spinozone.com
castvoicesmsreg.com
lajollawoodworks.com
renetyson.com
stephanieodennewsletter.com
tuben8.com
thescriptshack.com
macooperativeinc.com
franklinmachado.com
breezeescape.com
conv2app.com
kreditkarten-profi.com
czscjx.com
pvj2019.com
boosagroup.com
inesperienced.com
leschenaultpottery.com
sitvsfit.net
dwsykj.com
touchsquad.com
healthythomas.com
lphomeinspections.com
officialbondandunion.com
snowgreerfamilymemories.com
superheroesindisguise.com
topimportant.com
drillinginsider.com
esflog.net
baliyogacruise.net
sdys999.com
rugpat.com
solarpollo.com
kindrehearts.com
marijuana-medicine.com
thefinal7.com
guardiadeorixa.com
kayeducates.com
francorp.business
wegatherwegrow.com
quientequitalobailado.net
ghostridercreative.com
rachaeveal.com
sourcesysstems.com
xiuli100.com
xmjer.com
support-center-login.network
conversoronlline.com
misinformationnationmovie.com
Targets
- Formbook Payload
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext