General
Target: 74506f556773236a68fc166698f0e652871cbe8b548538c16a1435f2e9ae62dc
Size: 438KB
Sample: 220131-vv5bdaagh3
MD5: c7dd14b7cd5e6e09144978eeb2da8984
SHA1: ed90c64edc294662bf6a4d23b7e166d9792e9d50
SHA256: 74506f556773236a68fc166698f0e652871cbe8b548538c16a1435f2e9ae62dc
SHA512: 0abdc8eb5b4b03c85f74b0bd0c675f0ac018fb21e4754271d11e9637bcb9fbff392ff0578a5ec1d2e2d6a4a72820c725a26dc6c1a899f3f654d8ab1a16898f04
Static task: static1
Behavioral task: behavioral1
Sample: scan._bank_transfer_alhali_bank_12_09_2021.exe
Resource: win7-en-20211208
Malware Config
Extracted
formbook
4.1
im8r
Targets
Target: scan._bank_transfer_alhali_bank_12_09_2021.bat
Size: 595KB
MD5: 2bf76c0c064f27112084d2b519c5c5f0
SHA1: 1776615c937ec34b85d6333ab02d0571afffb6f6
SHA256: 31573322ef0e4c9d77a36ba43b66edc88da6d66a7be519d118b7c01d0986baca
SHA512: b9ed3eb56cc3838c67d56c5eff065a876c0599d60a400a0eb0c722ad9ce0658379383635ed0393cce8007688e174e425196d8aa8fef80e88049588da09583cc2
Formbook Payload
Sets service image path in registry
Suspicious use of SetThreadContext