General
-
Target
418d0a404118bfad6b0a926c6f8f8fd587d1a8517e92729531139c6bbe0c0ebb
-
Size
519KB
-
Sample
211022-hjx2psbbh5
-
MD5
2ec3d70225772498f80108a182cce96c
-
SHA1
6da53a575bb0b6fb0bf43cb08a0d39bf7ba3f70c
-
SHA256
418d0a404118bfad6b0a926c6f8f8fd587d1a8517e92729531139c6bbe0c0ebb
-
SHA512
f8f4c39601fdf1fe6e115c9b423fb89d5225b91eb82b4e758945e7143caef6fae55b3df3cd19940e12160f9ea494c3b464be6c3833254a6a78e5765e429e2322
Static task
static1
Malware Config
Extracted
formbook
4.1
ed9s
http://www.vaughnmethod.com/ed9s/
pocketoptioniraq.com
merabestsolutions.com
atelectronics.site
fuxueshi.net
infinitystay.com
forensicconcept.site
txpmachine.com
masterwhs.xyz
dia-gnwsis.art
fulltiltnodes.com
bigbnbbsc.com
formation-figma.com
bonanacroin.net
medicalmarijuanasatx.com
bagnavy.com
aaegiscares.net
presentationpublicschool.com
bestyousite.site
prescriptionn.com
beyondthenormbouquets.com
sinclairsparkes.com
yesterdayglass.com
lj-safe-keepinganwgt76.xyz
winlegends.com
perthvideoproduction.com
sgh.technology
athletik.biz
cardealergame.com
ugkhmel.xyz
4346emerald.com
soulconstructionservices.com
dalmac-nj.com
marylink.net
gentciu.com
insidecity.company
wensum-creations.com
frontwonline.com
8xovz.xyz
pickaxecoffee.com
stonezhang.top
markmra1995.site
valleysettlewash.top
canadabulkmushrooms.com
shiningoutdoors.com
elysiarv.xyz
artoidmode.com
whileloading.com
crgcatherine.com
usa111.com
tourmalinesepiapirole.info
infodf.xyz
girldollg.xyz
paypal-caseid581.com
bymetronet.com
outranky.com
bankinsurance.site
iscinterconnectsolutions.com
networth.fyi
fastplaycdn.xyz
fernradio.com
sergeantrandom.net
islamic-coins.com
naplesgolfcartbatteries2u.com
seniormedicarebenefits.net
Targets
-
-
Target
418d0a404118bfad6b0a926c6f8f8fd587d1a8517e92729531139c6bbe0c0ebb
-
Size
519KB
-
MD5
2ec3d70225772498f80108a182cce96c
-
SHA1
6da53a575bb0b6fb0bf43cb08a0d39bf7ba3f70c
-
SHA256
418d0a404118bfad6b0a926c6f8f8fd587d1a8517e92729531139c6bbe0c0ebb
-
SHA512
f8f4c39601fdf1fe6e115c9b423fb89d5225b91eb82b4e758945e7143caef6fae55b3df3cd19940e12160f9ea494c3b464be6c3833254a6a78e5765e429e2322
-
Formbook Payload
-
Suspicious use of SetThreadContext
-