General
-
Target
9284392fd96b31b3de8d8f664de3f0e4
-
Size
436KB
-
Sample
210915-wsk1dsbba4
-
MD5
9284392fd96b31b3de8d8f664de3f0e4
-
SHA1
9b2e8d834a7e50ec7e674433d019dbd19996036c
-
SHA256
4f8799e5441c553ebbda342b6b06356a70dc432e5ac0434f4158146520b57ab7
-
SHA512
61efcc329ba8f50c32de43ba0bfc66e6591158c12fcb095dfa3652e54fc799255a49e44c62f2022b807d51b432050f85d94a172dc0e186af40a21e3848c7c922
Static task
static1
Behavioral task
behavioral1
Sample
9284392fd96b31b3de8d8f664de3f0e4.exe
Resource
win7-en
Malware Config
Extracted
formbook
4.1
o4ms
http://www.nocodehost.com/o4ms/
fishingboatpub.com
trebor72.com
qualitycleanaustralia.com
amphilykenyx.com
jayte90.net
alveegrace.com
le-fleursoleil.com
volumoffer.com
businessbookwriters.com
alpin-art.com
firsttastetogo.com
catofc.com
ref-290.com
sbo2008.com
fortlauderdaleelevators.com
shanghaiyalian.com
majestybags.com
afcerd.com
myceliated.com
ls0a.com
chautauquapistolpermit.com
cq1937.com
riafellowship.com
sjzlyk120.com
onlinerebatemall.com
bjlmzmd.com
services-neetflix-info.info
khaapa.com
thehgboutique.com
iconndigital.com
ninjavendas.com
zeonyej.icu
iddqdtrk.com
taoy360.info
conanagent.icu
mobileflirting.online
lorrainelevis.com
bakerrepublic.com
tfi50.net
mildlobr.com
turnkeypet.com
instarmall.com
contilnetnoticias.website
symbiocrm.com
earn074.com
swapf.com
daveydavisphotography.com
notes2nobody.com
pensje.net
nanoplastiakopoma.com
inlandempiresublease.com
donaldjtryump.com
secondinningseva.com
zumohub.xyz
torbiedesigns.com
koastedco.com
lifestyleeve.com
purposepalacevenue.com
risk-managements.com
doluhediye.com
revolutionarylightworkers.com
smithridge.net
share-store.net
jastalks.com
Targets
-
-
Target
9284392fd96b31b3de8d8f664de3f0e4
-
Size
436KB
-
MD5
9284392fd96b31b3de8d8f664de3f0e4
-
SHA1
9b2e8d834a7e50ec7e674433d019dbd19996036c
-
SHA256
4f8799e5441c553ebbda342b6b06356a70dc432e5ac0434f4158146520b57ab7
-
SHA512
61efcc329ba8f50c32de43ba0bfc66e6591158c12fcb095dfa3652e54fc799255a49e44c62f2022b807d51b432050f85d94a172dc0e186af40a21e3848c7c922
-
Formbook Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-