General
  Target: mal.pif
  Size: 591KB
  Sample: 210722-2bczf9mp4n
  MD5: b9bca038d7532ec8a1a9ba0e867061bc
  SHA1: 6596ac1216bf03d88482415755c499ed6388cab4
  SHA256: 24d91f6c3dcad36d65e45821d520aaabc2f4a87bb1ab512d6807377010d5680e
  SHA512: 861bfb748cd3060698d23e04e0b58d2e2eb12dedfbfdeeece6a5643bdeab9472bbe3f73d144e95fd78e8ee862ae3fde9385b11b2f35b0ea0c974326d70846e6d
Static task: static1
Behavioral task: behavioral1
  Sample: mal.pif.exe
  Resource: win7v20210410
Malware Config (extracted)
  Family: formbook
  Version: 4.1
  C2 URL: http://www.trendtechpros.com/sm3l/
Targets
Signatures (mal.pif):
  - Formbook Payload
  - Deletes itself
  - Suspicious use of SetThreadContext