General
Target: PO# 11381.exe
Size: 397KB
Sample: 211014-xkskyaabd9
MD5: 358bd28cc6d56ab308c4a413b2de32f5
SHA1: 88178d1f6e0ad8f120a542f1314f5f4dd907f6ff
SHA256: cadf6d6a91c8c4e8576468e393638eb7ee477490c5a8a7d0fe9e919b6a6d93ec
SHA512: a52182f20b732e9fc37cb0b163b6378b8720209a1c6670decf95c4f518afe927d367ebb69cadb8483abbb0e32cbd218ef256764ad66fb109fd577eb039545973
Static task: static1
Behavioral task: behavioral1
Sample: PO# 11381.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: fv89
C2: http://www.keyplus.digital/fv89/
Targets
Target: PO# 11381.exe
Size: 397KB
Signatures:
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext