General

Target: 0119816beb0867ee59fb60a33670e657cd6bdf23f664eb782ebf6c8352b8e203
Size: 680KB
Sample: 220128-18lzvafdc6
MD5: 82d5c72a08aa4f34539f445f1ddbfe24
SHA1: 7fc99364d01393449e2e8add5a62ddb28336195f
SHA256: 0119816beb0867ee59fb60a33670e657cd6bdf23f664eb782ebf6c8352b8e203
SHA512: 2cb849476e5372691b102008ef5ce52f422f6822259bf56c4caa0710a55facd416e4a90eefaaba970e2b0b83c5ef577ac5c45d5b0c131b1670e5935ca7f833f5

Static task: static1
Behavioral task: behavioral1
Sample: sales payment.scr
Resource: win7-en-20211208

Malware Config

Extracted
Family: formbook
Version: 3.9
Campaign ID: ge
C2 domains:
basakpentamir.com
pilgrimbaits-premium.com
ab5pp.com
fjtts.com
stpelectronics.com
foraol.com
protagonista.info
nigeriasno1datingsite.com
dignity.live
bodyworldholdings.com
01lover.com
wwwjinsha045.com
serverlan.info
themachinevspeople.info
bergencountyautosales.com
hillsidemanor.house
sergiypavlyukphoto.com
abetterforupgrades.date
lokireddygroup.com
il-hotels-review.com
stone-interieur.com
sistemasucma.com
intersectventures.com
westonnissannw.info
vercour-mezo.com
oceanclub1.com
galexmulti.com
aajkapakistan.com
towzoom.com
krcgf.info
com-lphone.info
overcold.com
5008123.com
jbxdev.com
cozero.com
lifeforhealth74.com
revolicthailand.com
chungcu-paragontower.net
blink-boutique.com
pst-pure.energy
2ndwind.info
newyorkartbeat.net
xn--2qux23cg7bq62b.com
withdrawfromroute.com
archeractuarial.com
brianreynaphoto.com
calliluggage.com
xn--zoom-9j3po85on3dfpf.com
kf575.com
odv.asia
gaziantepulucanlarasm.com
ynhuiniu.com
betingirnavad90.com
substitutionshelp.accountant
ekvpres.com
letsgooba.com
lbdaycarecenter.com
beehappyplanting.com
zhaozushou.com
ronaqalamerat.com
softball.place
iccampionihotel.com
prashiru.com
coterielancaster.net
menflax.com

Targets

Target: sales payment.scr
Size: 711KB
MD5: 28996f9f1e4b645eed15f6bc8b51d937
SHA1: 190bec54bcc632a8d676ff9df2b4bcec455c25fc
SHA256: 66b2b5112b9aa05cd1c1d65b09499aecd3798e90af4cb2bfc7844372b4ba6f37
SHA512: 63a43eb9e28a869d0af32b745e61f39b429179af988592f98dec6e2175a013a442b4e1f1b21fa5ef378f92e9849c62c4dc7e21f169b745000f2bdc603abe1599
Signatures:
Formbook Payload
Adds policy Run key to start application (a value written under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, which is processed at logon like the ordinary Run key but is rarely touched by legitimate software)
Suspicious use of SetThreadContext (the call process hollowing uses to redirect a suspended thread into injected code)
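The extracted domain list and the two behavioural signatures above can be turned into a small hunting check. The Python below is an added example, not part of this sandbox report or of any Formbook extractor; it embeds a subset of the domains from the config above and some constructed Sysmon-style log lines (EventID 22 DNS query, EventID 13 registry value set) as sample input, and it assumes the "policy Run key" signature refers to writes under `...\CurrentVersion\Policies\Explorer\Run`. One caveat a practitioner needs: Formbook embeds a single live C2 among many decoy domains, so every entry in the list is worth alerting on, but a match does not by itself prove the domain is attacker-owned.

```python
"""Match DNS and registry events against the indicators from this report.

Added example: embeds a subset of the extracted Formbook domains and
constructed Sysmon-style events; nothing here comes from the sandbox itself.
"""
import re

# Subset of the domains in the extracted config above. Formbook ships one
# live C2 among decoys, so treat each as an indicator, not as proven C2.
FORMBOOK_DOMAINS = """
basakpentamir.com
pilgrimbaits-premium.com
dignity.live
xn--2qux23cg7bq62b.com
withdrawfromroute.com
softball.place
""".split()

# Assumed target of the "Adds policy Run key" signature: values written under
# Policies\Explorer\Run (HKCU or HKLM) are started at logon like the ordinary
# Run key but are rarely used by legitimate installers.
POLICY_RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\",
    re.IGNORECASE,
)

# key=value pairs; constructed events below keep values free of spaces.
KV_RE = re.compile(r"(\w+)=(\S+)")


def normalize_domain(name):
    """Return (ascii form, display form): lower-cased, trailing dot removed,
    punycode labels decoded so an analyst can read the xn-- decoy names."""
    ascii_form = name.strip().rstrip(".").lower()
    try:
        display = ascii_form.encode("ascii").decode("idna")
    except UnicodeError:
        display = ascii_form
    return ascii_form, display


def build_ioc_set(domains):
    return {normalize_domain(d)[0] for d in domains}


def domain_matches(query, iocs):
    """True when the queried name is an IOC or a subdomain of one
    (www.example.com matches example.com; notexample.com does not)."""
    q, _ = normalize_domain(query)
    return any(q == d or q.endswith("." + d) for d in iocs)


def parse_event(line):
    return dict(KV_RE.findall(line))


def scan_events(lines, iocs):
    """Yield (reason, event) for DNS lookups of listed domains and for
    registry writes beneath the policy Run key."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if not ev:
            continue
        if ev.get("EventID") == "22" and domain_matches(ev.get("QueryName", ""), iocs):
            hits.append(("dns_to_formbook_domain", ev))
        elif ev.get("EventID") == "13" and POLICY_RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(("policy_run_key_write", ev))
    return hits


# Constructed Sysmon-style events (22 = DNS query, 13 = registry value set).
# Paths, SID and value name are made up for the example.
SAMPLE_EVENTS = r"""
EventID=22 Image=C:\Windows\explorer.exe QueryName=www.basakpentamir.com
EventID=22 Image=C:\Windows\System32\svchost.exe QueryName=ctldl.windowsupdate.com
EventID=13 Image=C:\Windows\explorer.exe TargetObject=HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Q2X0L Details=C:\Users\lab\AppData\Roaming\Q2X0L\Q2X0L.exe
EventID=13 Image=C:\Windows\regedit.exe TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive Details=C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe
""".strip().splitlines()


if __name__ == "__main__":
    iocs = build_ioc_set(FORMBOOK_DOMAINS)
    for reason, ev in scan_events(SAMPLE_EVENTS, iocs):
        print(reason, ev.get("Image"), ev.get("QueryName") or ev.get("TargetObject"))
```

To use it against a real host, replace `FORMBOOK_DOMAINS` with the full list from the config above and feed exported Sysmon events instead of `SAMPLE_EVENTS`. The second and fourth constructed events (a Windows Update lookup and a write to the ordinary Run key) are there to show that the check stays quiet on benign activity.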