General
-
Target
62f75c04145584721209a0d160d0f6b374e6b9465a759aba8e3f6c89ae67938f.bin
-
Size
306KB
-
Sample
211229-grxkgaeef8
-
MD5
372a40e50a902c3d708ad7879289f3b1
-
SHA1
9a9de665d27033ff3846f209b19bd117852eed49
-
SHA256
62f75c04145584721209a0d160d0f6b374e6b9465a759aba8e3f6c89ae67938f
-
SHA512
893d3417b704ce328dcb7b62ae81c1bed674f6ec61fd4ff9499d4ecf1c328b5bb24f044d8ec1f6fe61ecfe6ce1862876917095fc61bdf37cd004930a6d4061bd
Static task
static1
Behavioral task
behavioral1
Sample
62f75c04145584721209a0d160d0f6b374e6b9465a759aba8e3f6c89ae67938f.bin.exe
Resource
win7-en-20211208
Malware Config
Extracted
formbook
4.1
mg0t
Targets
-
Formbook Payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-