General
Target: PURCHASE ORDER 29kva.r11
Size: 499KB
Sample: 210929-qf3f1sfac8
MD5: 08359b734342da1634a66e867b549a90
SHA1: b17399be8059070447e488c754a9b0953e020446
SHA256: a621a7d8411c3a040a7560fd201d1bb9d269a1ed4bb43559879babf58e675eb8
SHA512: 7db4516e5ce84bbbf6c786ab1f4ce654690131108942cbc46230c22341889df63e4e430c33d51735be41633164050d378feb07f28322f4658abf3d1e63e6d255

Static task: static1
Behavioral task: behavioral1
Sample: PURCHASE ORDER 29kva.exe
Resource: win7v20210408
Malware Config
Extracted
formbook
4.1
ergs
http://www.iselotech.com/ergs/
Targets
Target: PURCHASE ORDER 29kva.exe
Size: 713KB
MD5: cf92b80bd587ac1498dd3e37fee96af7
SHA1: ecaef1532016cc58333ddff64ace07d2a51bde72
SHA256: 727d99fbf5a7d58b50ea62f289cf59b251ffe3e6f5d9487f7716127654e6e32a
SHA512: cd07ba0d3b511144afd2246778103ac1ce9db31f9df6ac7dd86c3a08600682242cf1069a54e36da7e96041d084aed950e5d899510f08a676434848fe8f350fb3

- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext