General
Target: e__ample_at.exe
Size: 696KB
Sample: 211019-qvlf2sfhc6
MD5: 4b893ddd41f5546da9ab79b8f3e8487a
SHA1: 36b2dcb7e232ca1b6f5be4f480334fea7075acdb
SHA256: 10395ba8c32eeef47f5d79f9fe7bb15ed1f67f7941cade16604b09ed69fba6ab
SHA512: d6e0e214db78df936c210a8b05ae3caddbf6a948d877abad78b6e803f88cd1402519156fd83f2ce4901fb8d13a4e8830a7dcfe327b2df85f98068ce5c7575714
Static task
static1
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: bs2l
C2: http://www.amazonsfinds.com/bs2l/
Decoy domains (64 entries carried in the extracted config): Formbook hides its live C2 in a list of mostly legitimate third-party domains and contacts them with the same URI path, so a single lookup of one of these names is weak evidence on its own, while several of them resolved from one host within seconds, or requests carrying the /bs2l/ path, is the stronger signal.
file-anae.com
letsgosunderland.com
urgome.com
g5tet.xyz
myline2online.com
crafty-buck.com
uralpack.net
chinmeat.com
kursuskekipoh.com
justgantt.com
hqh.xyz
xiongege55.com
pokebrostogo.com
firststonemusic.com
bataviabento.com
comoditahandyshop.com
dayloniabeauty.com
ceeonec.com
scribblerhub.com
lindosueno.com
curatedelearning.net
seedparlour.com
veganleetruck.com
commscholar.com
syuto-ene.com
inspirainstitute.com
tmlsheltons.com
happinesssearch.com
finalstepcleaningservice.com
xcwwjzsb.com
linkmedgf.com
donnieandbrasco.com
greatestmeacademy.com
husainatalqara.com
222666dy.com
theproperconsultant.com
katherinexu.com
geredemiz.com
acres-of-loveshop.com
live-cam4sex.com
affineindia.com
oktirefwb.com
southernsoulcafe.com
wallylakesidecottages.com
zhenyanjx.com
phoebook.com
welovechurrosusa.com
sippingaggressively.com
verstechms.com
bulabluespropertiesllc.com
fallspill.com
factorycheckout.com
vanessarosejewellery.com
xn--fazlsay-tfb.com
microsoftinternational.com
xiaohe-yidian.com
favoriturizm.com
thisisdreamland.com
eatchar.com
8ky2.com
nexusurl.com
escapadogs.com
theofficialserenasolbrown.com
estambrilandia.com
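The following is an added example, not part of the sandbox report and not vendor tooling, showing how a responder would turn the extracted config above into something usable: it verifies a file against the four reported hashes, expands the C2 and decoy list into a domain set and into per-domain URLs, and matches constructed DNS log lines against that set. The hashes, version, campaign, C2 and domain list are transcribed from the report; the rule that the same /bs2l/ path is applied to every domain with a www. prefix is an assumption drawn from the C2 format shown on the page, and the DNS log lines and their format are constructed for the demo.

```python
"""Added example, not part of the sandbox report or any vendor tooling: turn the
extracted Formbook config into hunting IOCs, verify a sample file against the
reported hashes, and match constructed DNS log lines against the domain list."""
import hashlib
import re
from urllib.parse import urlparse

# Transcribed from the report (Triage's formbook config labels).
REPORTED_HASHES = {
    "md5": "4b893ddd41f5546da9ab79b8f3e8487a",
    "sha1": "36b2dcb7e232ca1b6f5be4f480334fea7075acdb",
    "sha256": "10395ba8c32eeef47f5d79f9fe7bb15ed1f67f7941cade16604b09ed69fba6ab",
    "sha512": "d6e0e214db78df936c210a8b05ae3caddbf6a948d877abad78b6e803f88cd140"
              "2519156fd83f2ce4901fb8d13a4e8830a7dcfe327b2df85f98068ce5c7575714",
}
FORMBOOK_CONFIG = {
    "family": "formbook", "version": "4.1", "campaign": "bs2l",
    "c2": "http://www.amazonsfinds.com/bs2l/",
    "decoys": [
        "file-anae.com", "letsgosunderland.com", "urgome.com", "g5tet.xyz",
        "myline2online.com", "crafty-buck.com", "uralpack.net", "chinmeat.com",
        "kursuskekipoh.com", "justgantt.com", "hqh.xyz", "xiongege55.com",
        "pokebrostogo.com", "firststonemusic.com", "bataviabento.com",
        "comoditahandyshop.com", "dayloniabeauty.com", "ceeonec.com",
        "scribblerhub.com", "lindosueno.com", "curatedelearning.net",
        "seedparlour.com", "veganleetruck.com", "commscholar.com", "syuto-ene.com",
        "inspirainstitute.com", "tmlsheltons.com", "happinesssearch.com",
        "finalstepcleaningservice.com", "xcwwjzsb.com", "linkmedgf.com",
        "donnieandbrasco.com", "greatestmeacademy.com", "husainatalqara.com",
        "222666dy.com", "theproperconsultant.com", "katherinexu.com",
        "geredemiz.com", "acres-of-loveshop.com", "live-cam4sex.com",
        "affineindia.com", "oktirefwb.com", "southernsoulcafe.com",
        "wallylakesidecottages.com", "zhenyanjx.com", "phoebook.com",
        "welovechurrosusa.com", "sippingaggressively.com", "verstechms.com",
        "bulabluespropertiesllc.com", "fallspill.com", "factorycheckout.com",
        "vanessarosejewellery.com", "xn--fazlsay-tfb.com",
        "microsoftinternational.com", "xiaohe-yidian.com", "favoriturizm.com",
        "thisisdreamland.com", "eatchar.com", "8ky2.com", "nexusurl.com",
        "escapadogs.com", "theofficialserenasolbrown.com", "estambrilandia.com",
    ],
}


def hash_bytes(data: bytes) -> dict:
    """Hex digests of the file bytes with the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORTED_HASHES}


def verify_sample(data: bytes, expected: dict = REPORTED_HASHES) -> dict:
    """Per-algorithm match flags; trust the report only if every algorithm agrees."""
    actual = hash_bytes(data)
    return {alg: actual[alg] == digest.lower() for alg, digest in expected.items()}


def strip_www(host: str) -> str:
    return host[4:] if host.startswith("www.") else host


def domain_set(config: dict) -> set:
    """Bare and www. forms of the C2 host and every decoy, for DNS/proxy matching."""
    bare = {strip_www(urlparse(config["c2"]).hostname)} | set(config["decoys"])
    return bare | {"www." + d for d in bare}


def candidate_urls(config: dict) -> list:
    """Assumption (from the C2 format in the report): the same /<campaign>/ path
    is used on every domain with a www. prefix. Live C2 first, decoys after."""
    c2 = urlparse(config["c2"])
    hosts = [c2.hostname] + ["www." + d for d in config["decoys"]]
    return ["http://" + h + c2.path for h in hosts]


# Constructed DNS log lines for the demo (not from the report).
SAMPLE_DNS_LOG = [
    "2021-10-19T10:01:12Z ws-17 query: www.amazonsfinds.com A",
    "2021-10-19T10:01:13Z ws-17 query: www.microsoft.com A",
    "2021-10-19T10:01:14Z ws-17 query: www.uralpack.net A",
    "2021-10-19T10:01:15Z ws-17 query: microsoftinternational.com. A",
]
DNS_QUERY_RE = re.compile(r"query:\s+(\S+)")


def match_dns_log(lines: list, config: dict) -> list:
    """(timestamp, domain) for each query that hits the C2/decoy set. Decoys are
    mostly legitimate sites, so one hit is weak; several names from this list
    queried by one host within seconds is the stronger signal."""
    wanted = domain_set(config)
    hits = []
    for line in lines:
        m = DNS_QUERY_RE.search(line)
        if not m:
            continue
        name = m.group(1).lower().rstrip(".")
        if name in wanted:
            hits.append((line.split()[0], name))
    return hits


if __name__ == "__main__":
    for url in candidate_urls(FORMBOOK_CONFIG)[:3]:
        print(url)
    print(match_dns_log(SAMPLE_DNS_LOG, FORMBOOK_CONFIG))
```

Run `verify_sample` on the bytes of the file you actually have before acting on this report; if the SHA256 does not match, the config above belongs to a different build and its C2 and campaign path may not apply. Note that microsoftinternational.com in the decoy list is a lookalike of a legitimate name, which is exactly why an exact-match set (not a substring check) is used.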
Targets
Target: e__ample_at.exe (696KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- Formbook Payload
- Drops file in System32 directory
- Suspicious use of SetThreadContext (thread-context rewriting on another process's thread, the API pattern behind process hollowing and similar injection)