General
-
Target
eeec66084fc56b1e253dc3803ee3bf59a71e403a41f55fa6068428e15214ccaa
-
Size
513KB
-
Sample
220201-c74w9sgae5
-
MD5
b36954cc7b62465a1351c26539cf003c
-
SHA1
04b2e4c951b4dbf33ae78d0ca125696484d2d533
-
SHA256
eeec66084fc56b1e253dc3803ee3bf59a71e403a41f55fa6068428e15214ccaa
-
SHA512
a37ea1b141e537160606aa00dfc6a676cba061461531a0113783a8c4e8ea98c2914dc83da2aa5c84d6986edac97032885f202bc02c365c5a6bc911c10ee3e838
Static task
static1
Behavioral task
behavioral1
Sample
eeec66084fc56b1e253dc3803ee3bf59a71e403a41f55fa6068428e15214ccaa.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
eeec66084fc56b1e253dc3803ee3bf59a71e403a41f55fa6068428e15214ccaa.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
formbook
3.9
rm
Targets
-
-
Target
eeec66084fc56b1e253dc3803ee3bf59a71e403a41f55fa6068428e15214ccaa
-
Formbook Payload
-
Sets service image path in registry
-
Suspicious use of SetThreadContext
-