General
-
Target
Invoice 3284 sales invoice.exe
-
Size
416KB
-
Sample
211018-crvcwsdac4
-
MD5
984eae99ede6562cf394483a1600c4a3
-
SHA1
75d1a2b5c8cd64dbe8b6470e47c8016db541b794
-
SHA256
e827c29f504045d8e6d8a2eb622a571f83e1bf9afaa8f1b839af76f457b45135
-
SHA512
2916b72e8bc5c4f8f610f8e24437c2c28847d5b0de471cb100a923b9ab726e8262b4354311dee5ae3c7f2ec02ef6f8b8358e743f29b4457947079c67a022aaf7
Static task
static1
Behavioral task
behavioral1
Sample
Invoice 3284 sales invoice.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
r4gk
http://www.aprilsaak.quest/r4gk/
Targets
-
-
Target
Invoice 3284 sales invoice.exe
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-