General
-
Target
uzorci proizvoda.exe.xz
-
Size
318KB
-
Sample
210728-61lvb6yv8e
-
MD5
4a16891a607ad8b6f5dbec458f40d1dc
-
SHA1
f3a48d0d5826e47530d6feb98451f09708218939
-
SHA256
5349b24a5d638dc5ea785d7b5cb5c5269865fbfaacef71f4fbb7d78c09d20dc6
-
SHA512
464c6e3b50b99b6be4ae66a374c7c67d8e890d9f61882cbcac1ef5002d353518ad93b1e3cdf473c1fa53432c4fcb1152b8764ae8dd91568dc1224530ff8fb2a1
Static task
static1
Behavioral task
behavioral1
Sample
uzorci proizvoda.exe
Resource
win7v20210410
Malware Config
Extracted
formbook
4.1
http://www.kmresults.com/n7ak/
modischoolcbse.com
theneverwinter.com
rszkjx-vps-hosting.website
fnihil.com
1pbet.com
nnowzscorrez.com
uaotgvjl.icu
starmapsqatar.com
ekisilani.com
extradeepsheets.com
jam-nins.com
buranly.com
orixentertainment.com
rawtech.energy
myol.guru
utex.club
jiapie.com
wowig.store
wweidlyyl.com
systaskautomation.com
citromudas3a.com
plasticstone.icu
pawchamamapet.com
beautybybby.com
mor-n-mor.com
getoffyourhighhorses.com
chieucaochoban9.xyz
grahamevansmp.com
amplaassessoria.net
nutricookindia.com
wazymbex.icu
joansironing.com
hallforless.com
mycourseprofits.com
precps.com
cookislandstourismpodcast.com
bestonlinedealslive.com
bug.chat
ptjbtoqonjtrwpvkfgmjvwp.com
tortniespodzianka.store
qxkbjgj.icu
aurashape.com
guinealive.com
mondialeresources.com
offthebreak.site
maxamproductivity.com
thebiztip.com
thelocalrea.com
laeducacionadistancia.com
inpakgroup.com
lvgang360.com
allvegangoods.com
tymudanzaramos.com
simpleframeswork.com
thehappycars.com
directfenetres.net
norskatferdsterapi.com
hostingcnx.com
ksmh5x.com
thespiritworldinvitational.com
jetsetwilly3.com
gameflexdev.com
tryhuge.com
vaporvspaper.com
Targets
-
-
Target
uzorci proizvoda.exe
-
Size
871KB
-
MD5
23edaa5eedb3e86821231fc4d9203282
-
SHA1
75473cf5a6ed1b319d724319c0640a287e0151dd
-
SHA256
85c06f810a8b5bcd96b37ba755521d19149c2d43bbd47317dbd0aa5e522af635
-
SHA512
0d7e43cb653ad4832e61f5cadc8137217700670e20a318136bcf298c1f97aa55e3ae026252fe7888e99f880d62ea446c3a9933b5bfe4c58033073d1afef525e9
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Suspicious use of SetThreadContext
-