General
-
Target
29383773738387477474774.exe
-
Size
617KB
-
Sample
211111-vm9acsbgb8
-
MD5
5acf0ea10b1a066dc0e959b16775b65a
-
SHA1
53c8f522717f86b011396816a2ded4d01a33b0c8
-
SHA256
418718725035504832c3febfb2372a9a5bb117d9811dcc67d1f290f8dd9900f4
-
SHA512
377a4ef79d36e4d91542a2d8f1e47c06d13f78ed12e3047b5a933a04e6cb2bb2d3a11d93f3983818b02e3984338de1e7c2ff0d910b0c436fee2cd840c7ca17e3
Static task
static1
Behavioral task
behavioral1
Sample
29383773738387477474774.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
ob7y
http://www.metanewsroom.net/ob7y/
ipsdjf.com
mlphntec.com
restaurant-day.store
writeramylong.com
flokigamefi.com
usetianyi.xyz
punishstrikebreaker.quest
ericnfleming.com
dhhwtieen.xyz
milfhackers.com
fewefie.store
pithstsdiet.store
kirsten-hemmerich.com
casinolopoca.com
sigag.xyz
geilepoes.com
metawhatsapp.art
sarjin.xyz
toprabatte.net
lotofbrave.club
ladydunyasi.com
oeooaoio.xyz
ifarh.com
geovaluablehack.com
heatherwoodrealestate.com
788027.com
groweth2gloweth.com
corryandbee.com
chatech.community
defholdingsus.com
gymandsports213.sbs
safaknet.com
rnisk.store
yhsps.com
taxlawyeral.com
liberiathelandofreturn.net
beniclothingstore.com
onecashadvance.com
metawhatsapp.delivery
chseovx.xyz
fiftyix.com
ambassadorbed.com
doktorhelp.com
memoryck.com
ceto21.com
zomerubo.rest
tyoutrannyvidep.com
3cbzfhhx5.com
cryleo.com
thebigass.online
ofd-trade-sender.com
elchinazizov.com
shakilimam.com
soporhojecast.com
reyestacosrestaurant.com
supdeszka.com
kredit-option.com
sharonallenart.com
destockage-international.com
immediate-edge-pl.xyz
jmsjszc.com
mojuwangluo.com
tr4ders.com
zilingodigitize.com
Targets
-
-
Target
29383773738387477474774.exe
-
Size
617KB
-
MD5
5acf0ea10b1a066dc0e959b16775b65a
-
SHA1
53c8f522717f86b011396816a2ded4d01a33b0c8
-
SHA256
418718725035504832c3febfb2372a9a5bb117d9811dcc67d1f290f8dd9900f4
-
SHA512
377a4ef79d36e4d91542a2d8f1e47c06d13f78ed12e3047b5a933a04e6cb2bb2d3a11d93f3983818b02e3984338de1e7c2ff0d910b0c436fee2cd840c7ca17e3
-
Formbook Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-