General
-
Target
Lista de orden.exe
-
Size
678KB
-
Sample
211018-jm137sdbh7
-
MD5
56e3b23ff5014365be8785798915153d
-
SHA1
9122dda119752ad069799253e0fc11d979fab382
-
SHA256
01c538b5dacde9dff4c4dc98edddce878a91490b182ff918bfd396a99498118f
-
SHA512
ff629476499cfaac9adffd43019fca06fbbb311e3685896e838f281faeb0da46cab0911a1047ff3c216c92bdf3eb6e6c8158f89f7d8c9a269ec286efebdaa10b
Static task
static1
Behavioral task
behavioral1
Sample
Lista de orden.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
bc3s
http://www.topei-products.com/bc3s/
anna-ng.com
mariangelamata.com
szqnbl.com
nesherguitars.com
mysekrit.com
againbeautyviensui.xyz
appf.life
bilalsolution.com
technoratii.com
11restoran.com
birthingly.com
crystalcarrillo.com
cohenasset.info
bunchofdesign.com
highstreetmag.com
talentkerning.com
outdoor-glassesadvice.com
aliceeety.com
habbuhot.info
pao91.com
resgatarpontosparavoce.com
tuancai.net
cnynckcrw.com
visaza.com
paulettecallen.com
kandmfinancialgroup.com
malibuclassix.com
thespoonteller.com
vidyaxyp.com
xn--gmsepetim-q9ab20j.com
saudesexualdoshomens.com
safehandmarketing.com
yebimhieu.site
alimitchellmedia.com
andrewpatrickpiette.com
astro-paradise.com
domainechoquet.com
navihealthpartners.com
detroitveganseafood.com
spankingandpunishment.com
magalu-queromais.com
mallsinup.com
rmsnidlogini.cloud
lifeisveryessential.com
stolzfus.com
iniciala.com
designslayers.com
clinivahq.com
ubersms.com
welenb.com
skyegroupllc.com
happyburger.net
moredate-s.com
alon-mail.com
voceprofessor.com
dokadveri.com
lafabricadisseny.com
westwooddesign.net
blossoms-boutique.com
jumtix.xyz
dietgulfport.com
soccerstreamer.com
lapurtcedd.com
secret-mall.com
Targets
-
-
Target
Lista de orden.exe
-
Size
678KB
-
MD5
56e3b23ff5014365be8785798915153d
-
SHA1
9122dda119752ad069799253e0fc11d979fab382
-
SHA256
01c538b5dacde9dff4c4dc98edddce878a91490b182ff918bfd396a99498118f
-
SHA512
ff629476499cfaac9adffd43019fca06fbbb311e3685896e838f281faeb0da46cab0911a1047ff3c216c92bdf3eb6e6c8158f89f7d8c9a269ec286efebdaa10b
-
Formbook Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-