General
-
Target
fa727bc89057fa9b33dbf9a20c1d0800146f05a28bbad527ed2a836c2fa4e2d3
-
Size
324KB
-
Sample
220521-ntwjhsebc5
-
MD5
c2cdc3dba69f5f5eb6f75ec52fbfcb79
-
SHA1
52de4fd06cf85232fa909fee03107e26a25349e3
-
SHA256
fa727bc89057fa9b33dbf9a20c1d0800146f05a28bbad527ed2a836c2fa4e2d3
-
SHA512
287808dee129c6c6c48e9f7bea9111882926cd2db78f92588d4d6bf43f535c37432d8ce2b71a994443627794296a9a825c31cfdb290741a89426e58c3a24280d
Static task
static1
Behavioral task
behavioral1
Sample
List of our purchase order.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
List of our purchase order.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
formbook
4.1
3nop
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
capricorn1967.com
meucarrapicho.com
41230793.net
yoghurtberry.com
wv0uoagz0yr.biz
yfjbupes.com
mindfulinthemadness.com
deloslifesciences.com
adokristal.com
vandergardetuinmeubelshop.com
janewagtus.com
cloudmorning.com
foresteryt01.com
accident-law-yer.info
divorcerefinance.guru
wenxiban.com
589man.com
rockerdwe.com
duftkerzen.info
igametalent.com
yoursafetraffictoupdates.review
jialingjiangpubu.com
maximscrapbooking.com
20sf.info
shadowlandswitchery.com
pmbnc.info
shoppingdrift.online
potashdragon.com
ubkswmpes.com
064ewj.info
rewsales.com
dealsforyou.tech
ziruixu.com
naehascloud.com
smokvape.faith
sunflowermoonstudio.com
stepgentertainment.com
tawbj.info
besthappybuds.net
koohshoping.com
ajikrentcarsurabaya.com
jkjohnsroofingfl.com
whatsnexttnd.com
yoyodvd.com
joomlas123.info
Targets
-
-
Target
List of our purchase order.exe
-
Size
1.1MB
-
MD5
94c591351a9f0c0e8c61ee32b1e4bed8
-
SHA1
37c19b86622d1a9725a87c288af816aadda575a2
-
SHA256
017f433a49afcc765c5a5e7f39de6251fbe37d9c98f7d86f1abcefb1a9f559bc
-
SHA512
1b768f633f2d748a59a967f767eec9300e467163fc907b65c4b520c538bfeb89b7f957a566b365bce813ef9d47eb6e1372e3451b4527a62e37e9dcd30f4c0241
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-