General
Target: PI L032452021xxls.lzh
Size: 558KB
Sample: 210915-jan8waaah6
MD5: cef93ba770cfbdae2f883e71a5b8ef7a
SHA1: 3cf945c129557f195a65ca85f43502052caf4c1c
SHA256: 310148ae5e69b2ccfd91c5e3af16d0bfbe3c6aba0d348b5512a4932af2afaf17
SHA512: 3abf61c41e9fb65e8bf78d61a4f898807968fd324c04ffe3793e32c22b57620adf2850564aa383df4295bc280c044eaa9f3888ef20865cb1227bc3e5fc900592
Static task: static1
Behavioral task: behavioral1
Sample: PI L032452021xxls.exe
Resource: win7-en
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: ergs
C2: http://www.barry-associates.com/ergs/
Targets
Target: PI L032452021xxls.exe
Size: 706KB
MD5: 73c7fda15888b3b6cc025ce3d5f83161
SHA1: 78b8467853dc5bdba4dd28a8602902fcc210f67c
SHA256: 69394a249833f97289151fa8334f32e0b0467ce4ecb164b0706784fb836136a6
SHA512: dbb943a00e2c24dc0926f36b81409d28789a10d20b8e4043b2545eff1daa74448bc324ada5376e582757ce3db916042747b7939648d8ed102fe2be305ffe872a
Signatures:
Formbook Payload
Suspicious use of SetThreadContext