General
-
Target
PO 1,5001993 21118.exe
-
Size
542KB
-
Sample
210928-k2jcdabbh3
-
MD5
65d36801e01e7b2053c838e56f64c0d7
-
SHA1
964079668438ed102da00cfc0fc82e44ab55c45f
-
SHA256
f5400b800544782acf9e16a80368cef1b36eed0e63fd0200523f3d38c54162e9
-
SHA512
88ac2c1faf66aea16dd9b0f5cc312d4d130874b505d20ae7dfbfb8e93a4c7ec19f7931a5dc67a2e8b70e98084461c5d50c7a140925c87df30474c63aae27388b
Static task
static1
Behavioral task
behavioral1
Sample
PO 1,5001993 21118.exe
Resource
win7v20210408
Malware Config
Extracted
formbook
4.1
ergs
http://www.iselotech.com/ergs/
oceanprimesanfrancisco.com
dk-tnc.com
sodangwang.com
abrat-ed.com
dusubiqiqijem.xyz
getsup.online
homeneto.com
shose8.com
tronlane.com
nidowicosasod.xyz
independienteatleticclub.com
pca-winschool.com
realbadnastystories.site
bluevioletfloral.com
simplifiedpeacepodcast.com
abcfreediving.com
theyardbunny.com
holoique.com
ibkr1325.com
tjnfioou.xyz
bumbleapi.com
universityofnorthdakota.com
kisoriyan.com
scienceiva.com
permislbzd.store
mysoiree-lyon.com
philippinenow.com
officialjoyslots.com
casualdatingsites.online
delia-flores.com
eroerofuck.com
myesu.net
tryhard-production.com
3beadsbytj.com
congtycoessentials.net
3doutfits.com
spencersigmon.xyz
mewydyrqd.xyz
manigua.store
teescuchooffee.com
websitetudong.com
shiere.com
rummypepper.com
universeinteriors.com
royaledutyfree.com
evolutionarycurandera.com
seulookexpress.com
seajetguard.com
monikamosur.com
columbiaathleticboosters.com
sem4seo.com
businesstechblueprint.com
kreativemarketingconcepts.com
maisons-france-confort-mp.com
lixinjishaiwang.com
mybrabdmall.com
mrdreamhouse.com
graysrbm.online
theboathub.com
50039219.com
rincondelvinologo.com
coreatechnologyonline.com
artuta.com
teaneckvegan.com
Targets
-
-
Target
PO 1,5001993 21118.exe
-
Size
542KB
-
MD5
65d36801e01e7b2053c838e56f64c0d7
-
SHA1
964079668438ed102da00cfc0fc82e44ab55c45f
-
SHA256
f5400b800544782acf9e16a80368cef1b36eed0e63fd0200523f3d38c54162e9
-
SHA512
88ac2c1faf66aea16dd9b0f5cc312d4d130874b505d20ae7dfbfb8e93a4c7ec19f7931a5dc67a2e8b70e98084461c5d50c7a140925c87df30474c63aae27388b
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-