General
-
Target
c1968b2c517ba9f87e605d33612b7573.exe
-
Size
701KB
-
Sample
210930-hz84xaghdm
-
MD5
c1968b2c517ba9f87e605d33612b7573
-
SHA1
438c9f4aa5c4e7c27f505a081a445cdbe0830f9a
-
SHA256
41c5b0b2b9afd1f7dc207176e2a200042660dcdb02c745cc750e13f1d3ad7b01
-
SHA512
7c7db96e550f3dc65052d653cd1288747d8d3c7cca7418a0765b558bdcf6007d7a26b865d1e468cb88015a45a081ec02ca67c2c95c830f56a4d82b40e125b6f6
Static task
static1
Behavioral task
behavioral1
Sample
c1968b2c517ba9f87e605d33612b7573.exe
Resource
win7-en-20210920
Malware Config
Extracted
formbook
4.1
mxwf
http://www.zahnimplantatangebotede.com/mxwf/
orders-cialis.info
auctionorbuy.com
meanmugsamore.com
yachtcrewmark.com
sacredkashilifestudio.net
themintyard.com
bragafoods.com
sierp.com
hausofdeme.com
anthonyjames915.com
bajardepesoencasa.com
marciaroyal.com
earringlifter.com
dsdjfhd9ddksa1as.info
bmzproekt.com
employmentbc.com
ptsdtreatment.space
vrchance.com
cnrongding.com
welovelit.com
intercourierdelivery.services
ianwhitewrite.com
afcerd.com
beneficiodemedicare.com
gatel3ess.com
salesnksportswt.top
thewellnessloft365.com
totensa.com
jessicatheisen.com
snowtographers.com
executrainpr.com
puttypaw.com
popcorntimeipad.com
heyconi.com
llanoresources.com
ibusinesshero.com
1euro1ad.com
sparkleeapp.com
zhuxiugyh.com
calvinmaphoto.com
bjmaomao.com
isaacfujiki.com
zipwhipper.com
kontrollstutzen.com
hannaheason.media
zgcbw.net
letteringdagabi.com
kitefabrics.com
andherieastoffices.com
thewellnesstravelcompany.info
ohio.works
beacharita.com
alphamillls.com
sassandvinegar.com
usauber.com
ceylonherbslk.com
richardggreenhill.com
groupdae.com
jupiterccc.com
indoovo.com
sunnytheodora.com
gxpgfz.com
shoppandaxpress.com
heiboard.com
Targets
-
-
Target
c1968b2c517ba9f87e605d33612b7573.exe
-
Size
701KB
-
MD5
c1968b2c517ba9f87e605d33612b7573
-
SHA1
438c9f4aa5c4e7c27f505a081a445cdbe0830f9a
-
SHA256
41c5b0b2b9afd1f7dc207176e2a200042660dcdb02c745cc750e13f1d3ad7b01
-
SHA512
7c7db96e550f3dc65052d653cd1288747d8d3c7cca7418a0765b558bdcf6007d7a26b865d1e468cb88015a45a081ec02ca67c2c95c830f56a4d82b40e125b6f6
-
Formbook Payload
-
Suspicious use of SetThreadContext
-