General
Target: maxx[1].bin.zip
Size: 296KB
Sample: 211109-ntkr1sfbc8
MD5: 0719cc6dc1c4983588fa8c3f1891cbe0
SHA1: 93822e20411c38ad9b0d81dc8a2331dd6f1244a2
SHA256: f52385cdf40462b777d24c08f82828b1d28fdfce3e07873c918266686a3914f9
SHA512: 5a65601e9efbb11b6931a379c06e68e7add72546ec1a58e5bb746bb8fb638fc54a692f32ee5de8b79ecd446f1da2e335caddf21a8c13235723cdb4bc0493d29d
Static task: static1
Behavioral task: behavioral1
Sample: maxx[1].bin.exe
Resource: win7-en-20211104
Malware Config
Extracted
formbook
4.1
dyh6
http://www.tttk8.site/dyh6/
Targets
Target: maxx[1].bin
Size: 311KB
MD5: 5336c524e14753aeacf55d47d243a5c7
SHA1: 57dd79737e08b2669fec5926fb6d283e36fccee3
SHA256: 58de41e1c48a304c1f7f289fe5c8976d82b8968aae89497adf7c60cda25deaaf
SHA512: 9237b2e210b4c9c2a61baec0306d826f0b93fe7f52734ca0fe59a87aa23a453466320ecc49b728ce87bc26d1884e3a7e6b8d0c683497bc10891a5fb88dd5feac
Formbook Payload
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext