General
Target: TNT AWB TRACKING DETAILS.exe
Size: 245KB
Sample: 220125-rmt9nahbh8
MD5: 2e906caf5e155d01f62a1246ac5b59d8
SHA1: ed84833e46816b8831be67a0003d8c5fc47b3cad
SHA256: 5f3980e6686fe4d2dc41f24e42287d082cc894a57078e69e4a9554bec20ff5cc
SHA512: 8f439da9c35ce7974ea2ccb3a47d372c88daf968fb9361536753ca0dc6982e55d2f82c176d32abeb3e91bbcce4c514965227c1740c3ca50df664177db748f25d
Static task: static1
Behavioral task: behavioral1
Sample: TNT AWB TRACKING DETAILS.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: a34b
Decoy domains:
mesonarte.com
eksiwakun9.xyz
dustcollectionconsultant.com
heliosarchitecture.com
chinaanalysisgroup.com
nimbinhillshemp.com
ychain.biz
mountshastaart.com
monstermangoloco.com
bodhiandbear.com
rootednft.xyz
metayema.com
zw21.xyz
criccketworld.com
segurobarato.net
ananyacap.com
momo-momo.xyz
ezrealestatedeals.com
ghrde.xyz
idimol.com
pcthspoe.xyz
thewhiteswanharringworth.com
che8760.com
85111280.xyz
apteka-magnolia.com
proach.online
portfolioabeckford.com
affilinvest.com
subspank.xyz
odessamadrecoffeehouse.com
onetrade.biz
tianfuhg.com
kibtitalikeniwenti.com
terriblearttours.com
saudirelief.com
metacourting.xyz
kimera.blue
mgpsfm.com
metawzrd.com
veahhiodl.xyz
alimasurfhotel.com
sirensandiego.com
gd-hxgg.com
aurorarift.com
clingbee.com
zettavisor2021.xyz
gregoryryankramer.art
robertsonfandc.com
sociedadgeograficacafe.com
emilyhkeefer.com
v-hush.com
judithtuttle.xyz
itbrandlink.com
carrybicycles.com
storge-evolution.com
socnhhpa.xyz
victorzark.com
ghettoguy.com
redtruckguy.com
jeanmariewallendorf.com
ocpdtel.xyz
democracies.online
bw529twonineh5.world
chinhdohuyenthoai.xyz
hdetpnipa.xyz
Targets
Target: TNT AWB TRACKING DETAILS.exe
Size: 245KB
MD5: 2e906caf5e155d01f62a1246ac5b59d8
SHA1: ed84833e46816b8831be67a0003d8c5fc47b3cad
SHA256: 5f3980e6686fe4d2dc41f24e42287d082cc894a57078e69e4a9554bec20ff5cc
SHA512: 8f439da9c35ce7974ea2ccb3a47d372c88daf968fb9361536753ca0dc6982e55d2f82c176d32abeb3e91bbcce4c514965227c1740c3ca50df664177db748f25d
Signatures:
- Formbook Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext