General
-
Target
5db1b401d54eb87dfe5260ba2f3a4077b692aac3
-
Size
612KB
-
Sample
210727-zjt8aex5de
-
MD5
bdc8aab5dc8803a80050a28c39171069
-
SHA1
5db1b401d54eb87dfe5260ba2f3a4077b692aac3
-
SHA256
6444b0f41e6046055462a6b4837fdf509f403e01f3a3c46899548ec0ee9fbfdc
-
SHA512
a1dc7fbfe4009bf5aa44262399dd1caf18f7901e3c5ee70540ad58ab5a668db6040c461ff2debfbfb5edad0fec524193249fbb8313263772be65348369b707eb
Static task
static1
Behavioral task
behavioral1
Sample
5db1b401d54eb87dfe5260ba2f3a4077b692aac3.exe
Resource
win7v20210408
Malware Config
Extracted
formbook
4.1
http://www.containerflippers.com/np0c/
spartansurebets.com
threelakestradingco.com
metaspace.global
zjenbao.com
directlyincluded.press
peterchadri.com
learnhousebreaking.com
wonobattle.online
leadate.com
shebafarmscali.com
top4thejob.online
awakeyourfaith.com
bedford-st.com
lolwhats.com
cucurumbel.com
lokalbazaar.com
matter.pro
eastcountyanimalrescue.com
musesgirl.com
noordinarydairy.com
saigonstar2.com
farmacias-aranda.com
fjzzck.com
createandelevate.solutions
australiavapeoil.com
imperfectlymassabella.com
criminalmindeddesign.com
silverstoneca.com
scotlandpropertygroup.com
3dvbuild.com
privatebeautysuites.com
driplockerstore.com
rcdesigncompany.com
2141cascaderdsw.com
mybbblog.com
bodyambrosia.com
solitudeblog.com
coworkingofficespaces.com
9999cpa.com
flipwo.com
dynamicfitnesslife.store
anandsharmah.com
afyz-jf7y.net
erikagrandstaff.com
pumpfoil.com
bodurm.com
goldlifetime.com
a1organ.com
akomandr.com
hsavvysupply.com
dyvyn.com
bizlikeabosslady.network
livein.space
helpafounderout.com
orbmena.com
mrrodgersrealty.com
roxhomeswellington.com
klimareporter.com
1040fourthst405.com
blackbuiltbusinesses.com
solidswim.com
lordetkinlik3.com
gardencontainerbar.com
viperporn.net
Targets
-
-
Target
5db1b401d54eb87dfe5260ba2f3a4077b692aac3
-
Size
612KB
-
MD5
bdc8aab5dc8803a80050a28c39171069
-
SHA1
5db1b401d54eb87dfe5260ba2f3a4077b692aac3
-
SHA256
6444b0f41e6046055462a6b4837fdf509f403e01f3a3c46899548ec0ee9fbfdc
-
SHA512
a1dc7fbfe4009bf5aa44262399dd1caf18f7901e3c5ee70540ad58ab5a668db6040c461ff2debfbfb5edad0fec524193249fbb8313263772be65348369b707eb
-
Formbook Payload
-
Suspicious use of SetThreadContext
-