General
-
Target
1.exe
-
Size
184KB
-
Sample
210917-k7ydgsfbb8
-
MD5
b40cb0308a54ac1d3b997a74afa5d760
-
SHA1
d114b90c7838201624a3faf512d00c74095baa16
-
SHA256
561bedc1d6d589037ade015eb53f01c045fbd770982e04dc1b7a2acc677d67f4
-
SHA512
e7e47000809d41cfcb9f82976fbf8972c1c3f6783f39a44234d6e4c519709e3bf82abddd072128630734d5297a0bca1471fb7a1377b9340b4e0b438c86b598a4
Behavioral task
behavioral1
Sample
1.exe
Resource
win7-en-20210916
Malware Config
Extracted
formbook
4.1
3nop
http://www.jakesplacebarbers.com/3nop/
videohm.com
panache-rose.com
alnooncars-kw.com
trueblue2u.com
brussels-cafe.com
ip2c.net
influenzerr.com
rbcoq.com
zzful.com
drainthe.com
sumaholesson.com
cursosaprovados.com
genotecinc.com
dbrulhart.com
theapiarystudios.com
kensyu-kan.com
dkku88.com
tikhyper.com
aztecnort.com
homebrim.com
infinitilamp.com
leelegantflower.com
floor-space.investments
vidasustentavel.online
wholehearteddaughters.com
vipandeep.com
mdwovzrrm.icu
592215.com
academicplumbing.com
bestveganbook.com
theservantleader.com
nazarickdeveloper.xyz
delta-wing.com
girlfriendsgarb.com
sezyz11.com
ca3construction.com
smartswitchhomeloan.net
luckytwo.agency
ministry-of-barbers.com
babbageacademy.com
informationside.com
packapp.net
spacecoasthondaevent.com
thehealthyimmunereset.com
pjcavaliere.info
trebdurham.com
zhixintonghe.com
gon2580.com
dottproject.net
snakby.com
keeponsports.com
debbiewilsondesigns.com
stagingsolutionsgroup.com
forummondialdelamerbizerte.com
garnier.red
tempestchs.com
zpxinxi.com
jam-nins.com
inclusiocg.com
msmenders.com
whachupichu.com
pursemore.com
thebusinessfitclub.com
scootgotti.com
Targets
-
-
Target
1.exe
-
Size
184KB
-
MD5
b40cb0308a54ac1d3b997a74afa5d760
-
SHA1
d114b90c7838201624a3faf512d00c74095baa16
-
SHA256
561bedc1d6d589037ade015eb53f01c045fbd770982e04dc1b7a2acc677d67f4
-
SHA512
e7e47000809d41cfcb9f82976fbf8972c1c3f6783f39a44234d6e4c519709e3bf82abddd072128630734d5297a0bca1471fb7a1377b9340b4e0b438c86b598a4
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-