General
-
Target
cdcad4e6bf31338fa80cac158d6225a9253184ae6344a77416e0ae7fa0993619
-
Size
398KB
-
Sample
220520-ry949agga2
-
MD5
5bd15749e0d34ea8de1206af9734023d
-
SHA1
5c55e3c37935e68bf9a6f5f3c0b470897c97cf83
-
SHA256
cdcad4e6bf31338fa80cac158d6225a9253184ae6344a77416e0ae7fa0993619
-
SHA512
e24ead489a0777c74624c06f18ca0877bf992944f94a82d43cc30d9f40fd3ed37decff0995d2d61ec0459f5e897d3e5da8bc86c323f8ca2bc509f79fff17ea35
Static task
static1
Behavioral task
behavioral1
Sample
????? ??? ??????????? ?????? ???.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
3nop
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
capricorn1967.com
meucarrapicho.com
41230793.net
yoghurtberry.com
wv0uoagz0yr.biz
yfjbupes.com
mindfulinthemadness.com
deloslifesciences.com
adokristal.com
vandergardetuinmeubelshop.com
janewagtus.com
cloudmorning.com
foresteryt01.com
accident-law-yer.info
divorcerefinance.guru
wenxiban.com
589man.com
rockerdwe.com
duftkerzen.info
igametalent.com
yoursafetraffictoupdates.review
jialingjiangpubu.com
maximscrapbooking.com
20sf.info
shadowlandswitchery.com
pmbnc.info
shoppingdrift.online
potashdragon.com
ubkswmpes.com
064ewj.info
rewsales.com
dealsforyou.tech
ziruixu.com
naehascloud.com
smokvape.faith
sunflowermoonstudio.com
stepgentertainment.com
tawbj.info
besthappybuds.net
koohshoping.com
ajikrentcarsurabaya.com
jkjohnsroofingfl.com
whatsnexttnd.com
yoyodvd.com
joomlas123.info
Targets
-
-
Target
????? ??? ??????????? ?????? ???.exe
-
Size
1.2MB
-
MD5
67b1e695bae2dfd1ffe6d1a85141509f
-
SHA1
0ad01e9af94cb6ce3247d9b5f09b2655f4b486dc
-
SHA256
c5ccddfa0f7ee807513279b0195460cd48f3b36f2154c93ff3945fe30c647dde
-
SHA512
a90f986a2cd2dc0e18050a8006c0d19bd76f714c12546fa7b91485b59dee1031b51674049d127f05aee896337c9e758625132f763e534cc30cf549e07972f4b9
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-