General
-
Target
210293873747736464664GEH746464.exe
-
Size
649KB
-
Sample
211112-xzyeqseah5
-
MD5
50d1fc0f3ac939a140750b5b09e8267e
-
SHA1
32c48774e472eb67925f1db6bcc0b446c84c2676
-
SHA256
f0ce3a965f349d9686220460f1e32e3099352990b775521f9db8e45722a38729
-
SHA512
f05238ab9a3f985f59e9a986533cfeb13701f64cc689d87eb391873e68a8df006565ba0953c52cfc6c84d01e6bb0ed2ffdbca6854b8e29a181f5a8fd155cadee
Static task
static1
Behavioral task
behavioral1
Sample
210293873747736464664GEH746464.exe
Resource
win7-en-20211104
Malware Config
Extracted
formbook
4.1
ob7y
http://www.metanewsroom.net/ob7y/
ipsdjf.com
mlphntec.com
restaurant-day.store
writeramylong.com
flokigamefi.com
usetianyi.xyz
punishstrikebreaker.quest
ericnfleming.com
dhhwtieen.xyz
milfhackers.com
fewefie.store
pithstsdiet.store
kirsten-hemmerich.com
casinolopoca.com
sigag.xyz
geilepoes.com
metawhatsapp.art
sarjin.xyz
toprabatte.net
lotofbrave.club
ladydunyasi.com
oeooaoio.xyz
ifarh.com
geovaluablehack.com
heatherwoodrealestate.com
788027.com
groweth2gloweth.com
corryandbee.com
chatech.community
defholdingsus.com
gymandsports213.sbs
safaknet.com
rnisk.store
yhsps.com
taxlawyeral.com
liberiathelandofreturn.net
beniclothingstore.com
onecashadvance.com
metawhatsapp.delivery
chseovx.xyz
fiftyix.com
ambassadorbed.com
doktorhelp.com
memoryck.com
ceto21.com
zomerubo.rest
tyoutrannyvidep.com
3cbzfhhx5.com
cryleo.com
thebigass.online
ofd-trade-sender.com
elchinazizov.com
shakilimam.com
soporhojecast.com
reyestacosrestaurant.com
supdeszka.com
kredit-option.com
sharonallenart.com
destockage-international.com
immediate-edge-pl.xyz
jmsjszc.com
mojuwangluo.com
tr4ders.com
zilingodigitize.com
Targets
-
-
Target
210293873747736464664GEH746464.exe
-
Size
649KB
-
MD5
50d1fc0f3ac939a140750b5b09e8267e
-
SHA1
32c48774e472eb67925f1db6bcc0b446c84c2676
-
SHA256
f0ce3a965f349d9686220460f1e32e3099352990b775521f9db8e45722a38729
-
SHA512
f05238ab9a3f985f59e9a986533cfeb13701f64cc689d87eb391873e68a8df006565ba0953c52cfc6c84d01e6bb0ed2ffdbca6854b8e29a181f5a8fd155cadee
-
Formbook Payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-