General
-
Target
HIC INTERNACIONAL - DOCUMENTS(RFQ20212211).exe
-
Size
821KB
-
Sample
211103-paa9xadfg3
-
MD5
ffd35b1b25dc314e2dc8f85e8f9b4496
-
SHA1
3b026a316aeb62a216bd7a4a318183ceed9e4b1b
-
SHA256
97e2308f489be583ecaa74518e3c42be2da1e3f61347b983eed293ce3424a5f7
-
SHA512
1dbe3cb19ab9308f832a7101da009a776e22560d4947f52140215392026286251b24ce34270ec346063236e8276157710c033270eace42c10ba41644f2ecd0ed
Static task
static1
Behavioral task
behavioral1
Sample
HIC INTERNACIONAL - DOCUMENTS(RFQ20212211).exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
cnp0
http://www.ccnsv.net/cnp0/
jiarenyuanhunlian.com
xquizitelashesnwaxx.com
rentinerie.com
herbalpedia-id.com
openseagames.com
re-swap.com
william-cook.com
segensv.com
versebay.com
brendanlairdsound.com
bypestor.com
hospitaldelpc.net
wwwroadrunnerfinancial.com
waterhammerstudios.com
hustleandbank.photography
secure01bchslogin.com
rarepeperanking.com
greatland.company
happybirthdayjewel.com
raheok.store
citrusarrow.coffee
midwest-oktoberfest.com
dpcuow.com
creativeartsfilmacademy.biz
sse-audio.com
offertasuperfibra.com
gizpsikolojikdanisma.com
7aomoquzb9.com
filthycarproductions.online
fuquba.com
lovinzion.com
istanbulmadencilik.com
treasuretroveofrecipes.com
exploitporbrl.xyz
seneorreward.com
sx-mz.com
mylcsservices.digital
paidimage.xyz
tayyqc.com
congoqueen.com
cerrajerovalls.online
iwasehokenservice.net
chuahoinach.net
savouri.online
brandonjanisieski.com
seo-clicks7.com
aplusvibe.com
incotporate.com
webdyx.com
pit.land
sdnfmrmi.com
skinbluecap.com
maestractiva.com
tianshunhong.com
maddenconstance.com
wonderkdesign.com
keycuracao.com
lebzcl.com
toriyabeblog.com
clicksfrog.com
the22yards.club
peakprocesssolutions.com
sustainabilityreview.com
onceuponawreathde.com
Targets
-
-
Target
HIC INTERNACIONAL - DOCUMENTS(RFQ20212211).exe
-
Size
821KB
-
MD5
ffd35b1b25dc314e2dc8f85e8f9b4496
-
SHA1
3b026a316aeb62a216bd7a4a318183ceed9e4b1b
-
SHA256
97e2308f489be583ecaa74518e3c42be2da1e3f61347b983eed293ce3424a5f7
-
SHA512
1dbe3cb19ab9308f832a7101da009a776e22560d4947f52140215392026286251b24ce34270ec346063236e8276157710c033270eace42c10ba41644f2ecd0ed
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-