General
- Target: Quotation.exe
- Size: 792KB
- Sample: 220125-rmtywshbh6
- MD5: 4896d39c691c80da22e0820c28ce8afd
- SHA1: 05cb9fcefddf18ce6f66cb6c7454ea64d98eff1c
- SHA256: 27b119bcaa4cbf8aa1724911fcf3e21917f0a4db830075cea3e5072fc525db32
- SHA512: 4934b61592847a23023639e80bc95240e186f780fd358b63582bb39dcd39a1026137b0c5639cc61fcd8ec5919e7e422de1f8dbdf1b2b2b0d3b343ae97d3c2270
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7-en-20211208
Malware Config
Extracted
formbook
4.1
m25m
Targets
- Target: Quotation.exe
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext