General
Target: Quotation 400 KVA.exe
Size: 477KB
Sample: 210912-gw38tacba7
MD5: 29bfe138eb8eb4caf72ed94f4d4fb084
SHA1: fd40dab7902ba104d61e05ad04237ae297448deb
SHA256: 85b8983f0d67758fd02b1aa875add6fd3fe6e88f9ade27cb535c490a0c367491
SHA512: e8b98f58487c5a730ec872ea8df90bd84a70fc062bf71096de1a618a8e7a4cdbb3c0287276fc74a2b6b7f4d1300ac7702133ca103a9c4acf8993b21d8888de2b
Static task: static1
Behavioral task: behavioral1
Sample: Quotation 400 KVA.exe
Resource: win7-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign (URI path): ergs
C2: http://www.barry-associates.com/ergs/
Decoy domains:
jardineriavilanova.com
highkeyfashionboutique.com
willingtobuyyourhouse.com
ysfno.com
bjkhjzzs.com
hexmotif.com
intentionalerror.com
nuu-foundfreedom.com
catalystspeechservices.com
blackmybail.com
xntaobaozhibo.com
site-sozdat.online
45quisisanadr.com
ipawlove.com
yifa5188.com
admm.email
houseoftealbh.com
scale-biz.com
vdvppt.club
loveandlight.life
529jpmorgan.com
pupupe.com
asantejaratmavi.com
stereovisionstudio.com
anhhoangnhatle.com
robrowerealestate.com
accessorthopaedics.com
vanaform.com
hataribeauty.com
karnez.net
meghanariana.com
lawboutique30.com
sailoame.com
waystoearnmoneyontheside.com
alkalides.com
finqian.com
ic-video-editing.co.uk
vomartdesign.xyz
xn--icknb7d2bb8tv280bco4a.com
containerreefer.com
maison-connect.com
fbtowww.com
phoenizoo.com
bet365l6.com
royalglossesbss.com
justiceforashleymoore.com
hupubets.com
technomarkets.info
ahhaads.com
vvbeautystudio.com
ddogo2o4r.online
ameliefantaisie.com
signupforhuntington.com
antibodycovid19testkit.com
kuznecova.center
yuxingo.com
heseasy.site
wilmingtondollshow.com
196197.com
domineaconfeitaria.com
veryzocn.com
regenerativesouls.com
llamshop.com
miami-autoparts.com
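The extracted config above is the part of this report an analyst actually turns into detection: one real C2 URL, a campaign path (ergs), and a long list of decoy domains that the bot beacons to alongside the C2 using the same path. The block below is an added example, not code from the sandbox report or from any Formbook tooling: it loads those values and classifies constructed proxy-log lines against them. The log line format, the verdict names, the subset of decoy domains copied in (the report lists many more; add them the same way), and the www-stripping host canonicalization are all assumptions made for this example. The one Formbook-specific design choice it encodes is to key on the campaign path rather than on the decoy hosts alone, because decoy domains in Formbook configs are often ordinary live sites and blocking them outright causes false positives.

```python
import re
from urllib.parse import urlsplit

# Values copied from the extracted config in this report.
FORMBOOK_VERSION = "4.1"
CAMPAIGN_PATH = "ergs"
C2_URL = "http://www.barry-associates.com/ergs/"

# A subset of the decoy domains listed above (assumption for brevity; the
# report carries the full list, copy the rest in the same way).
DECOY_DOMAINS = [
    "jardineriavilanova.com",
    "highkeyfashionboutique.com",
    "willingtobuyyourhouse.com",
    "hexmotif.com",
    "bet365l6.com",
    "antibodycovid19testkit.com",
    "miami-autoparts.com",
]


def canonical_host(host):
    """Lower-case and strip a leading 'www.' so the C2 and decoy lists match
    regardless of how the bot wrote the Host header (assumed normalization)."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = canonical_host(urlsplit(C2_URL).hostname)
DECOY_SET = {canonical_host(d) for d in DECOY_DOMAINS}
PATH_RE = re.compile(r"^/%s/" % re.escape(CAMPAIGN_PATH))

# Constructed proxy log format for this example: "<ts> <client> <method> <url>".
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+)$")


def classify_request(url):
    """Return (verdict, confidence) for one URL against the extracted config.

    Formbook uses the campaign path on the real C2 and on every decoy domain
    alike, so host-from-config plus path is the strong signal. A config host
    without the path is weak (decoy domains are frequently legitimate sites);
    the path on an unknown host is a hunting lead for a config variant.
    Verdict strings are hypothetical labels chosen for this example."""
    parts = urlsplit(url)
    host = canonical_host(parts.hostname or "")
    on_path = bool(PATH_RE.match(parts.path))
    if host == C2_HOST and on_path:
        return ("formbook-c2-beacon", "high")
    if host in DECOY_SET and on_path:
        return ("formbook-decoy-beacon", "high")
    if host == C2_HOST or host in DECOY_SET:
        return ("config-domain-other-path", "low")
    if on_path:
        return ("campaign-path-other-host", "low")
    return ("none", "none")


def scan_log(lines):
    """Parse constructed proxy lines and return alerts as
    (client, verdict, confidence, url) tuples; benign and unparsable
    lines are skipped."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        _ts, client, _method, url = m.groups()
        verdict, conf = classify_request(url)
        if verdict != "none":
            alerts.append((client, verdict, conf, url))
    return alerts


# Constructed sample log lines; the query string shape is illustrative only.
SAMPLE_LOG = [
    "2021-09-12T10:01:02Z 10.0.0.5 GET http://www.barry-associates.com/ergs/?qz=dGVzdA==",
    "2021-09-12T10:01:09Z 10.0.0.5 GET http://www.hexmotif.com/ergs/?qz=dGVzdA==",
    "2021-09-12T10:01:15Z 10.0.0.5 POST http://bet365l6.com/ergs/",
    "2021-09-12T10:02:00Z 10.0.0.7 GET http://jardineriavilanova.com/contacto.html",
    "2021-09-12T10:02:30Z 10.0.0.9 GET http://example.org/ergs/",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for client, verdict, conf, url in scan_log(SAMPLE_LOG):
        print(f"{conf:<5} {verdict:<26} {client} {url}")
```

Run it as-is to see the three high-confidence beacons from 10.0.0.5 grouped together; in practice the same host-plus-path logic ports directly to a proxy or DNS query, with the low-confidence verdicts reserved for hunting rather than blocking.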
Targets
Target: Quotation 400 KVA.exe (477KB; hashes as listed under General)
Signatures:
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext (thread context manipulation, commonly seen in process hollowing and injection)