General
-
Target
c0ff9a8d774456c0cc9fab103ea9beb61612b4a5
-
Size
250KB
-
Sample
211018-q1lzrsdfd2
-
MD5
7e5a66d60785aa472414f3d9c7cfa399
-
SHA1
c0ff9a8d774456c0cc9fab103ea9beb61612b4a5
-
SHA256
be576dcff77ebe92995348e2713ebef67c7503ef908f85e8227746942d2985eb
-
SHA512
acbba3933dd9aa44c9de9d9ad23b734c0209c75d884442a3896720764584d4d1277c2c2fe605d61509fa0edfef10e7db3593e4e0f199e77dea7a639409f0b46c
Static task
static1
Behavioral task
behavioral1
Sample
c0ff9a8d774456c0cc9fab103ea9beb61612b4a5.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
mg0t
http://www.q0yczwyc.asia/mg0t/
Targets
-
-
Target
c0ff9a8d774456c0cc9fab103ea9beb61612b4a5
-
Formbook Payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-