General
Target: Amended SO of 2000KVA400KVA.lzh
Size: 569KB
Sample: 210922-ppgp8sceh6
MD5: b74c4168222ae27a7cf68fc783f440f5
SHA1: 037062095ea8f0bda86f5affa083c3b3e6a203cb
SHA256: 90086266feb549b0e4cd0a96a2ed5752ace95ba47bb15479cdf1e7e4fdbfeb2f
SHA512: 648fa7877274ca0864ea75d6fc7a36e40d3b30b3dace2b8d823808b65f8ad8f2d4d4321b606fb9924bbf86281c43dc9f5992438624ecb946c1a648c46c89283f
Static task: static1
Behavioral task: behavioral1
Sample: Amended SO of 2000KVA400KVA.exe
Resource: win7-en-20210920
Malware Config
Extracted: formbook 4.1 (ergs)
C2: http://www.iselotech.com/ergs/
Targets
Target: Amended SO of 2000KVA400KVA.exe
Size: 749KB
MD5: 55552a34489fa2cf62cac5667e17cd45
SHA1: 0292df2a71fbeed972ad72e29d42c4fd71469372
SHA256: 410659d6e76a955d58e88df12ffea3550a57758513630f051c6e66caa343fdad
SHA512: 5c22f59cb3819ab0230043bb27de9c134872c316a998e1e08d1bb3653f00310327b821dea128ee021fcbb4a6ee1e33fdc539606c5a13f7099977808be575ecae
Signatures
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext