General
-
Target
f013713a9e2faa566668681f1a6894d247c966f17f1c8eec7cbb83d2a20dedf1
-
Size
275KB
-
Sample
220521-nn633adhh4
-
MD5
090af1d3851a3a12d0a471625ba13063
-
SHA1
20195f86c41f2fd2ddb7a1924a59a0bb18a694ec
-
SHA256
f013713a9e2faa566668681f1a6894d247c966f17f1c8eec7cbb83d2a20dedf1
-
SHA512
d8a830d2818eb09b5923a088ed71d35a1865bc0bbbdfd82b1d00f31ff993553febe9e19109c88a9433bbc2a048c343b471e6297daea9451a516454ad639d6080
Static task
static1
Behavioral task
behavioral1
Sample
dokaz o uplati.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
dokaz o uplati.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
formbook
4.1
n7ak
audereventur.com
huro14.com
wwwjinsha155.com
antiquevendor.com
samuraisoulfood.net
traffic4updates.download
hypersarv.com
rapport-happy-wedding.com
rokutechnosupport.online
allworljob.com
hanaleedossmann.com
kauai-marathon.com
bepbosch.com
kangen-international.com
zoneshopemenowz.com
belviderewrestling.com
ipllink.com
sellingforcreators.com
wwwswty6655.com
qtumboa.com
bazarmoney.net
librosdecienciaficcion.com
shopmomsthebomb.com
vanjacob.com
tgyaa.com
theporncollective.net
hydrabadproperties.com
brindesecologicos.com
sayagayrimenkul.net
4btoken.com
shycedu.com
overall789.top
maison-pierre-bayle.com
elitemediamasters.com
sharmasfabrics.com
hoshamp.com
myultimateleadgenerator.com
office4u.info
thaimart1.com
ultimatewindowusa.com
twoblazesartworks.com
airteloffer.com
shoupaizhao.com
741dakotadr.info
books4arab.net
artedelcioccolato.biz
tjqcu.info
teccoop.net
maturebridesdressguide.com
excelcapfunding.com
bitcoinak.com
profileorderflow.com
unbelievabowboutique.com
midlandshomesolutionsltd.com
healthywithhook.com
stirlingpiper.com
manfast.online
arikorin.com
texastrustedinsurance.com
moodandmystery.com
yh77808.com
s-immotanger.com
runzexd.com
meteoannecy.net
joomlas123.info
Targets
-
-
Target
dokaz o uplati.exe
-
Size
544KB
-
MD5
fd7ab257e104265969b3abcf5e1f8e94
-
SHA1
b0b9b3798b255d9fc1f09152637284aca59da65a
-
SHA256
61e1401e8c06b9d1c5c15155a7ef7559040c9d8fbb26e5d11c6dcaf0aa191e4d
-
SHA512
e7fd0d54b7ba8cc4013175f4654ebb1f1bf0e419d622cce4ff9f7182eb535581252e7927b416de3ae1a7e09e34d42d4e0d1fae69f6ca1ba566945082a72f2979
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-