General
-
Target
CC2107139144.exe
-
Size
856KB
-
Sample
220125-l3yzwsdgf8
-
MD5
51beaa7443a361691a0cbef6e56d890b
-
SHA1
5a851452118c729d94b99f83c85cd819f5f96de6
-
SHA256
bdfb763b51cd4a618ad0d10388f1f478d1acddc7917891a990e8f390c9319b76
-
SHA512
2f41652699b858e31182ad7c14593034c75c78929ce24ab1ec65cf62f800cc04e0c64acc08a3e4c3d28d5d38769a829d38ce4fa684ed89f384ca663bb1b4a440
Static task
static1
Behavioral task
behavioral1
Sample
CC2107139144.exe
Resource
win7-en-20211208
Malware Config
Extracted
formbook
4.1
v32s
Targets
-
-
Target
CC2107139144.exe
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-