General
-
Target
7a0d901c8b9b67190044d81bfe56f8df6d175f46a9279de7d2207cd2c212a1af
-
Size
295KB
-
Sample
220420-kyvagaeac9
-
MD5
ca6db9f0415fa20dc1f9f065027c2ff0
-
SHA1
a102768f24ded1416c42f12ea54bdc8def8c795d
-
SHA256
7a0d901c8b9b67190044d81bfe56f8df6d175f46a9279de7d2207cd2c212a1af
-
SHA512
eeb247262a0964d46fa47cd77a9df8f851cad7b7ceeede73741233f02513f35b94e9318a828726b47aeb34e400f457c4a40a39003f79a0099011309fb0a3c5b8
Static task
static1
Behavioral task
behavioral1
Sample
INV-COPY##5673245367.pdf.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
tnk
Targets
-
-
Target
INV-COPY##5673245367.pdf.exe
-
Size
370KB
-
MD5
ed10ee915e1021997c1de8de34c8c614
-
SHA1
060391504b94d40da85f7ec620cc342eaf7f3a55
-
SHA256
0a3ccff2a6b6ee6c506c71db29a49c6e7651a562b8c2c60c8bca3d8c48355875
-
SHA512
93e1900388f76bf08354c42e86eabe4b306a077f1e791e660cfd1e276b6e20b15b42d9c579f1d3c0691144efb6f1814de7e20c53db7a372c17f312b275921167
-
Formbook Payload
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-