General
Target: tt copy 200393903.arj
Size: 333KB
Sample: 211110-nanpkagha8
MD5: 20f5e1ff7fa3fc172615879fc425b094
SHA1: 7aa7ac946f07c81bc9af393df2c63ec98e58b8e2
SHA256: cbdc5fba375e0c9798dba2c7f6fa8b093519cafd763569f34a9c9f88643f2aec
SHA512: 73f15d848baa4ac992e108104ddab793a899819f0d2d0950f7727663dccfb5feb464c485adaaab2a5e212169a86e22b4578e0eaa9a69b106793b0d43fca855cc

Static task: static1
Behavioral task: behavioral1 (sample tt copy 200393903.exe, resource win7-en-20211104)
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: ob7y
C2: http://www.metanewsroom.net/ob7y/
Decoy domains (the config pads the live C2 with a decoy list, and decoys are often unrelated or legitimate sites; treat them as leads for correlation rather than confirmed infrastructure to block outright):
ipsdjf.com
mlphntec.com
restaurant-day.store
writeramylong.com
flokigamefi.com
usetianyi.xyz
punishstrikebreaker.quest
ericnfleming.com
dhhwtieen.xyz
milfhackers.com
fewefie.store
pithstsdiet.store
kirsten-hemmerich.com
casinolopoca.com
sigag.xyz
geilepoes.com
metawhatsapp.art
sarjin.xyz
toprabatte.net
lotofbrave.club
ladydunyasi.com
oeooaoio.xyz
ifarh.com
geovaluablehack.com
heatherwoodrealestate.com
788027.com
groweth2gloweth.com
corryandbee.com
chatech.community
defholdingsus.com
gymandsports213.sbs
safaknet.com
rnisk.store
yhsps.com
taxlawyeral.com
liberiathelandofreturn.net
beniclothingstore.com
onecashadvance.com
metawhatsapp.delivery
chseovx.xyz
fiftyix.com
ambassadorbed.com
doktorhelp.com
memoryck.com
ceto21.com
zomerubo.rest
tyoutrannyvidep.com
3cbzfhhx5.com
cryleo.com
thebigass.online
ofd-trade-sender.com
elchinazizov.com
shakilimam.com
soporhojecast.com
reyestacosrestaurant.com
supdeszka.com
kredit-option.com
sharonallenart.com
destockage-international.com
immediate-edge-pl.xyz
jmsjszc.com
mojuwangluo.com
tr4ders.com
zilingodigitize.com
Targets

Target: tt copy 200393903.exe
Size: 671KB
MD5: e13f4dfcb77ff3beec28d80ff2a770db
SHA1: 8c68e428f86c45a80e41b48593df327499052410
SHA256: 853cf471b4618048136973c2fb757f26f28d701fbe804285fa52c6f7388b4d12
SHA512: f043ea57dd797542107ff0948f9d6a0d7af3f342a61c5f8ca3f3d1fdad4ec8d1eb472ec4b22edef96355dbf72a0c162e3392b6f7d31706c8816e47df9f5a72b9

Signatures:
Formbook Payload
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext (consistent with process injection by thread-context hijacking, the usual way Formbook moves into another process)
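Turning the report into something a detection team can act on, as an added example that is not part of the sandbox output: the campaign id, C2 URL and a subset of the decoy list above are embedded as constructed input, the .exe hashes are sanity-checked before use, and a small hunt is run over constructed proxy log lines. The log format, the `hunt`/`classify_request` helpers and the assumption that the implant uses the same `/ob7y/` path on decoy domains as on the C2 URL are all this example's own, not facts stated on the page.

```python
import re
from urllib.parse import urlsplit

# Constructed from the report above: campaign id, C2 URL and a subset of the decoy list.
FORMBOOK_CAMPAIGN = "ob7y"
FORMBOOK_C2 = "http://www.metanewsroom.net/ob7y/"
FORMBOOK_DECOYS = [
    "ipsdjf.com", "mlphntec.com", "restaurant-day.store", "writeramylong.com",
    "flokigamefi.com", "usetianyi.xyz", "punishstrikebreaker.quest",
    "ericnfleming.com", "dhhwtieen.xyz", "milfhackers.com",
]

# Hashes of the dropped .exe, as reported.
SAMPLE_HASHES = {
    "md5": "e13f4dfcb77ff3beec28d80ff2a770db",
    "sha1": "8c68e428f86c45a80e41b48593df327499052410",
    "sha256": "853cf471b4618048136973c2fb757f26f28d701fbe804285fa52c6f7388b4d12",
}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(hashes):
    """Return the algorithms whose digest is not lowercase hex of the expected length.
    Catches the usual copy/paste damage (truncation, stray characters) before the
    values go into a blocklist or a SIEM lookup."""
    bad = []
    for alg, digest in hashes.items():
        ok = alg in HEX_LEN and len(digest) == HEX_LEN[alg] and re.fullmatch(r"[0-9a-f]+", digest)
        if not ok:
            bad.append(alg)
    return bad


def normalize_host(host):
    """Lowercase, strip a trailing dot and a leading 'www.' so config domains and log hosts compare."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_iocs(campaign, c2_url, decoys):
    """Domain set plus the URI path prefix taken from the C2 URL.
    Assumption (not stated on the page): the same /<campaign>/ path is used on
    whichever of the configured domains the implant ends up talking to."""
    c2_host = normalize_host(urlsplit(c2_url).hostname)
    domains = {c2_host} | {normalize_host(d) for d in decoys}
    return {"c2_host": c2_host, "domains": domains, "path_prefix": "/" + campaign.strip("/") + "/"}


# Minimal proxy log shape assumed for this example: "<timestamp> <client-ip> <METHOD> <url>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+)")


def classify_request(line, iocs):
    """'high' when both the domain and the campaign path match (Formbook beacon shape),
    'low' when only the domain matches (could be a decoy or ordinary browsing), else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    host = normalize_host(parts.hostname)
    if host not in iocs["domains"]:
        return None
    return "high" if parts.path.startswith(iocs["path_prefix"]) else "low"


def hunt(lines, iocs):
    """Return (verdict, client-ip, host) for every log line that touches the IOC set."""
    hits = []
    for line in lines:
        verdict = classify_request(line, iocs)
        if verdict:
            m = LOG_RE.match(line)
            hits.append((verdict, m.group("src"), normalize_host(urlsplit(m.group("url")).hostname)))
    return hits


# Constructed proxy log lines for the demonstration; they are not from the sandbox report.
SAMPLE_LOG = [
    "2021-11-10T10:01:02Z 10.0.0.5 GET http://www.metanewsroom.net/ob7y/?wz=SGVsbG8",
    "2021-11-10T10:01:09Z 10.0.0.7 POST http://www.ipsdjf.com/ob7y/",
    "2021-11-10T10:02:41Z 10.0.0.9 GET http://restaurant-day.store/menu.html",
    "2021-11-10T10:03:00Z 10.0.0.9 GET http://www.example.org/ob7y/",
    "2021-11-10T10:03:15Z 10.0.0.5 GET https://www.google.com/",
]

if __name__ == "__main__":
    iocs = build_iocs(FORMBOOK_CAMPAIGN, FORMBOOK_C2, FORMBOOK_DECOYS)
    print("malformed hashes:", validate_hashes(SAMPLE_HASHES))
    for hit in hunt(SAMPLE_LOG, iocs):
        print(hit)
```

The two-tier verdict is the point: a domain-only match on a decoy (restaurant-day.store here) is a lead to review, while domain plus the `/ob7y/` path is the beacon shape worth paging on. The `example.org/ob7y/` line shows why the path alone is not enough either.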