General
-
Target
061483471c0c0d3f4b33a17ba0fda2c1.exe
-
Size
502KB
-
Sample
220131-r5vyxaaac8
-
MD5
061483471c0c0d3f4b33a17ba0fda2c1
-
SHA1
18bc73370ca8514aa5fafa0176d25c3c45d5f8ee
-
SHA256
0b4545838e8a848f0a54b02582f6d49494b3352dfd88d39d6ba2051c420270a6
-
SHA512
2da603dd5a95ee1314ace4ee1f1ef08d12c62f5f0210d88bd5c816405c391c28106ce6952ecbc34dd08653eff997f95f2f08fe8292371b94f0e5f3c1f09f3d7f
Static task
static1
Behavioral task
behavioral1
Sample
061483471c0c0d3f4b33a17ba0fda2c1.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
061483471c0c0d3f4b33a17ba0fda2c1.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
formbook
4.1
n0k1
Targets
-
-
Target
061483471c0c0d3f4b33a17ba0fda2c1.exe
-
Formbook Payload
-
Suspicious use of SetThreadContext
-