General
Target: pio837exe.zip
Size: 452KB
Sample: 211123-s4j1padfg4
MD5: 1ab54a9ac8566683d853778a28571dd3
SHA1: e14983769dab7e5b50c6e7ad6ecec5b1a388ee03
SHA256: d8e1c3964e6e666e3af6555c96b09ef437fb69455ed882a5b4d88ac81d375073
SHA512: 74200a7d6eb05066efc7b1ddd2bb60caa89e3c6532b42b318a68c7d52a95eac38969e34ce943799535238cfed28df3c3bc1873cf510c9259a33225529d280265
Static task: static1
Behavioral task: behavioral1
Sample: cc8d06af3ce6c4557c64caaccfa9932f56bfc9d4118d57f6ce506019f3ed39e4.bin.exe
Resource: win7-en-20211104
Malware Config
Extracted
formbook
4.1
3nop
http://www.jakesplacebarbers.com/3nop/
Targets
Target: cc8d06af3ce6c4557c64caaccfa9932f56bfc9d4118d57f6ce506019f3ed39e4.bin
Size: 1.0MB
MD5: 8a9b9387b7e538a769b997e9031b0932
SHA1: c9da2ee488bb13d838a61222e2bf4a95157aa7ee
SHA256: cc8d06af3ce6c4557c64caaccfa9932f56bfc9d4118d57f6ce506019f3ed39e4
SHA512: b696dbed435bedddadd101c6d7859dd797146a2ef245a36538b2ceecab77e4c14d417f0cc2ac8192608cb451385d3626ff319a43267ed3ec1acfcffa081d1bcf
- Formbook Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext