General
-
Target
Factura de proforma pdf.exe.xz
-
Size
405KB
-
Sample
211026-y6j2csace5
-
MD5
e05521a7a033b62d8f207337de85f51f
-
SHA1
88d58dd2203794c9d682b1a8aa9af2fcda3b79eb
-
SHA256
8f515e0d3392a63a17de79305c5126f3cde691ebb5cffc97c611cc11b1f3ba7e
-
SHA512
f82cb73dff9c64664a20fd25aea4abecd47c919fbe18d2ba89404ccbf1e974cf51889c26b9f32a9bfb459f3fa7a52d816bae4c6df9cf26db50c09e48bb0b81dd
Static task
static1
Behavioral task
behavioral1
Sample
Factura de proforma pdf.exe
Resource
win7-en-20210920
Malware Config
Extracted
formbook
4.1
n7ak
http://www.kmresults.com/n7ak/
modischoolcbse.com
theneverwinter.com
rszkjx-vps-hosting.website
fnihil.com
1pbet.com
nnowzscorrez.com
uaotgvjl.icu
starmapsqatar.com
ekisilani.com
extradeepsheets.com
jam-nins.com
buranly.com
orixentertainment.com
rawtech.energy
myol.guru
utex.club
jiapie.com
wowig.store
wweidlyyl.com
systaskautomation.com
citromudas3a.com
plasticstone.icu
pawchamamapet.com
beautybybby.com
mor-n-mor.com
getoffyourhighhorses.com
chieucaochoban9.xyz
grahamevansmp.com
amplaassessoria.net
nutricookindia.com
wazymbex.icu
joansironing.com
hallforless.com
mycourseprofits.com
precps.com
cookislandstourismpodcast.com
bestonlinedealslive.com
bug.chat
ptjbtoqonjtrwpvkfgmjvwp.com
tortniespodzianka.store
qxkbjgj.icu
aurashape.com
guinealive.com
mondialeresources.com
offthebreak.site
maxamproductivity.com
thebiztip.com
thelocalrea.com
laeducacionadistancia.com
inpakgroup.com
lvgang360.com
allvegangoods.com
tymudanzaramos.com
simpleframeswork.com
thehappycars.com
directfenetres.net
norskatferdsterapi.com
hostingcnx.com
ksmh5x.com
thespiritworldinvitational.com
jetsetwilly3.com
gameflexdev.com
tryhuge.com
vaporvspaper.com
Targets
-
-
Target
Factura de proforma pdf.exe
-
Size
1017KB
-
MD5
d5916f06d0a76a83e7c2c821d8c24f33
-
SHA1
90aa11268187928fe78454be1f63de41e6da3a90
-
SHA256
edcb4f8ebec3c0a7aa59ee179a97468c2fe8ef6ed05e9fcc402f34eb817eb4df
-
SHA512
12a97d48169f87fe7d6f27d6f620092178c4271fa6d049eb92e7166a6a302fec481629d88cf5dad0b970c0808edb1613b9e2581188c8d66ba864d3258ddec2a0
-
Formbook Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-