General
-
Target
88efa753e46f6e0e87c67231482613c1145eb5ab7e43dbd17e19b1a9267b5896
-
Size
886KB
-
Sample
220521-n4tsnsefb6
-
MD5
0bf971c91ce1997840caf20da0bcf262
-
SHA1
fcc1070b8cf0d27b26af1516c891ffd72060cdee
-
SHA256
88efa753e46f6e0e87c67231482613c1145eb5ab7e43dbd17e19b1a9267b5896
-
SHA512
19c9a94e0d5fece986e99d527dc2db65a78a0a6708f14be66fd65c46e9d3ce8d1a1186a4a93034cdfdea44516bc264fa337786cbcc5c69a40e73a0276a3d8d09
Static task
static1
Behavioral task
behavioral1
Sample
88efa753e46f6e0e87c67231482613c1145eb5ab7e43dbd17e19b1a9267b5896.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
2cur
Targets
-
-
Target
88efa753e46f6e0e87c67231482613c1145eb5ab7e43dbd17e19b1a9267b5896
-
Formbook Payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-