General

Target: RFQ QH211013.7z
Size: 843KB
Sample ID: 211017-nsfrnsceh6
MD5: d99f52678eee0b20c44c1373210c334d
SHA1: 3988082cbc1f158e7ec71ccfb2cb0a4d5b50384a
SHA256: 52ce1d5ff4ad52efd040fc98bfab3dcbe731793216227b7f1d1e6e72dd540dc5
SHA512: 509e5b74cee443847c9aea5f79ae3025292dc3e22e5fe914a87a25b783a148b5c73d181b92fa948cc914bd9f7dad656fd854f22692eb7c26988d743cca84d822
Static task: static1
Behavioral task: behavioral1
Sample: RFQ QH211013.exe
Resource: win7-en-20211014
Malware Config

Extracted
Family: formbook
Version: 4.1
Campaign: g8ni
C2: http://www.er5544.com/g8ni/
Domains:
nickmowat.com
garethjame.biz
colibrilift.com
vulnerabilitylabs.one
neuro-ai-web-ru.website
16mcnaestreetmooneeponds.com
bestofstmaarten.net
meditelier.com
ragnarduke.com
escueladecampo.com
vongtayvn.com
inmemoriamaan.com
yourpeoplemanager.com
r6-gytr.com
agreeablebeauty.com
snpconfirms.com
tribalurq.quest
purafuse.com
cisco-training-course.com
wery.top
haiyaa.tech
schtefo.net
kenytc.com
energypopcorn.com
0urls.top
artiatec.com
enqum.com
nextcloud.solutions
stateaffairsng.com
727bpay.com
matchmakerfiji.com
qingdouge.com
nusrattelbdoffical.xyz
seo-clicks7.com
aspirateurs.net
autosandmorestore.com
moje-akvarium.net
uehddw.com
geschmacksakademie.com
gendarmerie.email
buynftinc.com
mission-nao.com
webmakers.xyz
federationwholesale.com
tjbieying.com
finestpoints.com
premiersloyko.xyz
carlislepartssurvey.com
hackernfts.com
abitvip.com
iphone13mini.supplies
thenorthfacedeal.online
swlhvipbj.com
elguije.com
auto2pl.com
route112mitsubishi.com
zilliq.com
pumateam04.com
xtzztf.com
sacmaudantoc.xyz
kalafwalker.com
jumeaux-numeriques.com
purposefulwork.com
jacquelineblog.info
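The extracted config above is most useful once it is turned into something a SOC can hunt with. The following is an added example, not output of the sandbox or code from the Formbook sample: it takes the C2 URL, campaign ID and a subset of the domain list from the report, derives hunting indicators, and runs them over a few constructed proxy log lines (the log format, IPs and timestamps are invented for the demo). Two caveats a practitioner should keep in mind: Formbook configs mix the live C2 with decoy domains, so the domain list is a hunting list rather than a blocklist, and the "high confidence" tier assumes the malware requests the same campaign path (/g8ni/) against every domain in its list, which is an assumption of this example rather than something the report states.

```python
"""Formbook config -> hunting indicators -> proxy-log matches.

Added example. Config values are copied from the report above (domains
are a subset); log lines are constructed for the demo.
"""
import hashlib
from urllib.parse import urlsplit

# Values copied from the extracted config above (subset of the domain list).
CONFIG = {
    "family": "formbook",
    "version": "4.1",
    "campaign": "g8ni",
    "c2": "http://www.er5544.com/g8ni/",
    "domains": [
        "nickmowat.com", "garethjame.biz", "colibrilift.com",
        "vulnerabilitylabs.one", "nextcloud.solutions", "hackernfts.com",
        "jacquelineblog.info",
    ],
}

# SHA256 of the unpacked executable from the Targets section of the report.
SAMPLE_SHA256 = "8d0f3056715cf96af14714339ef1bc6fef37da86983bd0ba175e098eb0c2be8b"


def indicator_domains(cfg):
    """Names to hunt for: the C2 host (with and without its www. label)
    plus every domain in the config. Formbook configs contain decoys,
    so treat these as hunting indicators, not a blocklist."""
    host = urlsplit(cfg["c2"]).hostname.lower()
    names = {host}
    if host.startswith("www."):
        names.add(host[4:])
    names.update(d.lower().rstrip(".") for d in cfg["domains"])
    return names


def campaign_path(cfg):
    """Path component of the check-in URL ('/g8ni/' for this sample)."""
    path = urlsplit(cfg["c2"]).path
    return path if path.endswith("/") else path + "/"


def host_matches(queried, indicators):
    """True if queried equals an indicator or is a subdomain of one:
    www.nickmowat.com hits nickmowat.com, notnickmowat.com does not."""
    labels = queried.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in indicators for i in range(len(labels)))


def scan_proxy_log(lines, cfg):
    """Each line: '<ts> <client_ip> <method> <url>' (constructed format).
    Returns (ts, client, host, confidence). 'high' = indicator host and
    the campaign path (assumption: same path is used against every domain
    in the list); 'low' = indicator host only."""
    indicators = indicator_domains(cfg)
    path = campaign_path(cfg)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line, skip rather than crash the scan
        ts, client, _method, url = parts
        u = urlsplit(url)
        if not u.hostname or not host_matches(u.hostname, indicators):
            continue
        confidence = "high" if u.path == path else "low"
        hits.append((ts, client, u.hostname.lower(), confidence))
    return hits


def verify_sample(data):
    """Check a file's bytes against the reported SHA256 before analysis."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


# Constructed log lines, not from the report.
PROXY_LOG = [
    "2021-10-17T09:00:01Z 10.0.0.7 GET http://www.er5544.com/g8ni/",
    "2021-10-17T09:00:05Z 10.0.0.7 POST http://www.nickmowat.com/g8ni/",
    "2021-10-17T09:01:10Z 10.0.0.9 GET https://nextcloud.solutions/login",
    "2021-10-17T09:02:00Z 10.0.0.9 GET http://notnickmowat.com/g8ni/",
    "2021-10-17T09:03:00Z 10.0.0.12 GET http://example.com/",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG, CONFIG):
        print(*hit)
```

The subdomain-aware match matters in both directions: the sample's own C2 is reported with a www. label, so an exact-string match on the bare domain would miss it, while a naive substring match would flag unrelated names that merely end in one of the listed domains.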
Targets

Target: RFQ QH211013.exe
Size: 892KB
MD5: 4df25b1c20737e69fed5b6efa397653b
SHA1: a6488e2bbdb996e960a53ac240db045f8ecaf0f2
SHA256: 8d0f3056715cf96af14714339ef1bc6fef37da86983bd0ba175e098eb0c2be8b
SHA512: b8f5d45cd9e4d52331d48c52d84a0c43369a86a1a4ac0e7d534710887b5d59018b08a1a46db72c93d694d44e016db0508a41dac3d245c3781726e113f44bd66d

Signatures:
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext (an API commonly used to redirect a thread's execution after writing code into another process)