General
-
Target
744c71a523be4f651482eac7ac5556c3d2cd14f79b244ed05e10b0938848f976
-
Size
1.1MB
-
Sample
220221-1xzfssbac3
-
MD5
8475983835cf499366bcb012e6a48c89
-
SHA1
336ad5784bc9c021caf0c99de30ba04da06645b3
-
SHA256
744c71a523be4f651482eac7ac5556c3d2cd14f79b244ed05e10b0938848f976
-
SHA512
29817e8500c83d7ad14a1cea80d17633853dda989eb984e648729d280e6ba149e7eac5336639f8a4559247ffb6614a07ec91046c1e53a762f426ff5fc7d24bc6
Static task
static1
Behavioral task
behavioral1
Sample
pago copia SWIFT pdf.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
pago copia SWIFT pdf.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
formbook
4.1
n7ak
audereventur.com
huro14.com
wwwjinsha155.com
antiquevendor.com
samuraisoulfood.net
traffic4updates.download
hypersarv.com
rapport-happy-wedding.com
rokutechnosupport.online
allworljob.com
hanaleedossmann.com
kauai-marathon.com
bepbosch.com
kangen-international.com
zoneshopemenowz.com
belviderewrestling.com
ipllink.com
sellingforcreators.com
wwwswty6655.com
qtumboa.com
bazarmoney.net
librosdecienciaficcion.com
shopmomsthebomb.com
vanjacob.com
tgyaa.com
theporncollective.net
hydrabadproperties.com
brindesecologicos.com
sayagayrimenkul.net
4btoken.com
shycedu.com
overall789.top
maison-pierre-bayle.com
elitemediamasters.com
sharmasfabrics.com
hoshamp.com
myultimateleadgenerator.com
office4u.info
thaimart1.com
ultimatewindowusa.com
twoblazesartworks.com
airteloffer.com
shoupaizhao.com
741dakotadr.info
books4arab.net
artedelcioccolato.biz
tjqcu.info
teccoop.net
maturebridesdressguide.com
excelcapfunding.com
bitcoinak.com
profileorderflow.com
unbelievabowboutique.com
midlandshomesolutionsltd.com
healthywithhook.com
stirlingpiper.com
manfast.online
arikorin.com
texastrustedinsurance.com
moodandmystery.com
yh77808.com
s-immotanger.com
runzexd.com
meteoannecy.net
joomlas123.info
Targets
-
-
Target
pago copia SWIFT pdf.exe
-
Size
1.8MB
-
MD5
64ce539f8167e9cc887a87f859533933
-
SHA1
a736ba56beb2b342468f36f63e7dce53777dbb34
-
SHA256
f6397532d0b859cf1b26c55f29ec9af49613ce462643d4dc31478c4f231d2833
-
SHA512
d5b763e6259ab3cc9955583ddf20a378de6f73d2286243ee5bb1453244321300ffb9bf274dd45ccf43575ddb83fd0fcd71267e11c4f2c44b0b868a905ff59e21
-
Formbook Payload
-
Deletes itself
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-