General
- Target: USD54,884.56_202110260056MT103_0034D.exe
- Size: 267KB
- Sample: 211026-h9ja8sghg9
- MD5: 9eea5277e11627651e1628b7da56044d
- SHA1: b6b160d2d53f9b55e186b809654519bb095399d9
- SHA256: 827b490e3a19a6c6e1fb7766e3a85957648c133fb6fb6a15cb48100dd8b06422
- SHA512: f2fc56a72ae74bf9cf1aee7cadf48c29ec0da1129c242bfd3cb54430820cfdb0068afac7f7c6bf96e2a4071b2abb2e3c2a0be840c40ffb689a869c73fad85498
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: USD54,884.56_202110260056MT103_0034D.exe
- Resource (sandbox image): win7-en-20210920
Malware Config
- Extracted family: formbook
- Version: 4.1
- Campaign ID: nd1w
- C2 URL: http://www.ahlongpteltd.com/nd1w/
- Domain list from the extracted config (Formbook embeds decoy domains alongside the one it actually beacons to, so treat each entry below as a candidate, not a confirmed C2):
cartographieinterieure.store
de-tanautorisierung-6439.xyz
maxisezon.com
spottsalodio.xyz
thesocialguild.net
petemergencydoctor.com
czhtfmgj.com
incontrilocalimilano.com
132kingrd.com
clearviewsatellitesolutions.com
shopingmanplus.com
compuserviciosway.com
millportservicesltd.com
ticketinsurey.club
metro-club.com
aboutpoliticsofatom.com
brebawake.com
yurteam.com
dropadoo.com
wcsaroma2012.com
yaoyao800.com
utilitysresources.store
jobskarlsruhe.com
tuliotrevas.com
yearecep.com
pathtocyber.com
mstf.world
volber.online
soutsocial.top
eczanemaslak.xyz
longgocabs.com
war.love
builttotradeoptions.com
kolombor.website
fellowscon.net
biosthetique.store
xn--bysx94a.net
takeshi-toshi.com
over-the-mountain.com
luneandlakescleaning.com
aolcomhomepage.com
rentalforkliftsurabaya.com
sucesao.pro
dajiangchf.com
tourtoll.xyz
teksttrainer.online
carnevacunacion.net
j1qlgx.com
vinstore.xyz
juyangkeji.xyz
scorpiongold.net
klasoftware.com
carbonboys.com
0668hj.com
puntocomcelulares.com
technoblooms.com
vemssc.icu
get-caasebake-now.xyz
kikiandjase.online
northfacecoatsforwomen.com
flormar.store
cosplaysquidgame.com
soulshinebar.com
makingsides.com
Targets
- Target: USD54,884.56_202110260056MT103_0034D.exe
- Size: 267KB
- Hashes: identical to the MD5/SHA1/SHA256/SHA512 values listed under General
Signatures
- Formbook Payload
- Loads dropped DLL
- Suspicious use of SetThreadContext