General
Target: 7c4693347c14c9bca92ace69a3cc165269877791da5d19ab733f8b113f35ba0f
Size: 1.2MB
Sample: 220201-va45waaaa5
MD5: 98d4f177840484fbe15befc2e97f888c
SHA1: b40e09949509a4ab38cbf058e3c52d7991a00c61
SHA256: 7c4693347c14c9bca92ace69a3cc165269877791da5d19ab733f8b113f35ba0f
SHA512: b159e81d0fd4798f687db5cd7269190c14c5edce3da67abd1fe5d8191fec151edef08197dd5ea69a6728ac2224da7ca886c6883fc75bc29d2b2ac308deec34c5
Static task: static1
Behavioral task: behavioral1
Sample: CONFIRM_.exe
Resource: win7-en-20211208
Malware Config
Extracted
formbook
4.1
ergs
Targets
Target: CONFIRM_.EXE
Size: 417KB
MD5: abb3147d8c0e9f65b3248004b8fffb91
SHA1: 127a10da0021ae217648b3636f38d84b8f1459f1
SHA256: 009e6b48b7d9b2a802d6e831138b1e55c4390861c123287e134bbc21f8a6e225
SHA512: af55e007019139a2257815f50f4e1de3fbc6e1fc9195104c989dc6935bc3ec494c2a5900fb56d13fcf1c1a9043659e9c77a7af37b17aec63d9c59a88b9efed02
Formbook Payload
Suspicious use of SetThreadContext