General
-
Target
FORM.EXE
-
Size
934KB
-
Sample
210722-sk62nl3aes
-
MD5
bd472cf05ab7f61043a3035af93b4252
-
SHA1
0b1206c106583ea7c7ff9fb08ac0cf521e84526f
-
SHA256
c0f9927bbf25d29cc37936db7b00a09f94b23dcbec9103b77802891c49b9f4c3
-
SHA512
1f471469b87441968228af63bb8701b05eb5c94e7d6736ab24a3c68b5ff6f632bd04519ed0794cf3bd9317273db195544213bc43f139c24a5684ef4bd671c087
Static task
static1
Behavioral task
behavioral1
Sample
FORM.EXE
Resource
win7v20210410
Malware Config
Extracted
formbook
4.1
http://www.trendtechpros.com/sm3l/
Targets
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-