General
Target: PLM-QUOT-292MKV AST.lzh
Size: 432KB
Sample: 210910-l92z5ahhg4
MD5: 34cf573a784ca27c172ac6ca209e17c6
SHA1: df0019e2575938dfd2387b083742960090c48219
SHA256: d4fb3556995ee659f550487a7eda98e7b422a0a6a8e4ba7f5777c7973cae312d
SHA512: 0022598616f874b6b2f17496532c2bca30e10c394d838996362446309218a6ce45b96d9eadcb78b096d5624d4c097841c3ad3da317f8c346c8b68b92710d3c49

Static task: static1
Behavioral task: behavioral1
Sample: PLM-QUOT-292MKV AST.exe
Resource: win7-en
Malware Config
Extracted
formbook
4.1
ergs
http://www.barry-associates.com/ergs/
Targets
Target: PLM-QUOT-292MKV AST.exe
Size: 525KB
MD5: 4d212e509348f56edb404d564a19d6b8
SHA1: 59d3542f9e2f3e74078e837e5cba3d46d1414ad8
SHA256: 3c74c617119a6ba48fd332b234183150245f1594acf80eb51935783d68d4f783
SHA512: 89bf3a8a1232662245c6b4b96f69801027635f38b5de4099eb6c6fbffc944b38bb8e50362b586a10ae1c31b43f0565a62222b6c9bf6a9a8364d6d3c43645e463

Signatures:
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext