General
Target: 20211015168444093723.iso
Size: 322KB
Sample: 211015-vt9jpsbbf9
MD5: e070b8910baf045ad7b5c1520165b21f
SHA1: b2b991504b74ccfaf3e3fdb415cf08fb3b004fde
SHA256: 80db1952d4072b26cd44506d916c33b020a7cd8f85150d59725e2a4602a21a60
SHA512: 02249749a63dcbd138b4513598407e20ae2911e1dc0a0d474dd49e12cd0ca25e9f75acce1461622dc0df5cfdd833dd7f6ef8e9113904b64eefff2c7624f14820

Static task: static1

Behavioral task: behavioral1
Sample: 20211015168444093723.exe
Resource: win7-en-20210920

Malware Config
Extracted
formbook
4.1
nd1w
http://www.ahlongpteltd.com/nd1w/

Targets
Target: 20211015168444093723.exe
Size: 261KB
MD5: 4452b76f214c4a5f5e520e579da088d8
SHA1: fcad7662120fe40c1a7dc052e40be8e67dfd7a93
SHA256: 51f987ef74839fa7ba0b2c959aee7ad244c30231259bc22b4b778a71760e7262
SHA512: 32ed1bcd1385d105bcb2d0eba49e85fc71f15687bc42ce9eb80d9351d1e363c93c35f7589a0b013cb03f352dc4d50fc32c6c347f1cd6fa528e9b73e5d34d7482

- Formbook Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext