General
Target: ea7fd68474ee4b68b0efe56669644ad94474170ceca4f7aae769c0c06ac0ade2
Size: 277KB
Sample: 220521-prqe6afhc8
MD5: c98353615c05e518eef5042a50178c1b
SHA1: 8ce0a86c9b979792a97d18af18c955046f73ee76
SHA256: ea7fd68474ee4b68b0efe56669644ad94474170ceca4f7aae769c0c06ac0ade2
SHA512: 78bc19cc294a14c1ba88dbf71bcf8606e3c62a73081b7ffea491c8da5aa9e3e63d40af6f0b57fabe8d10ddcd5889092d98114b22292c56fc4a30a0397f4bef0f
Static task: static1
Behavioral task: behavioral1
Sample: Doc10.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Doc10.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
formbook
3.9
s5l
Targets
Target: Doc10.exe
Size: 508KB
MD5: a55491d76809f0c2ce2534145b58c2fb
SHA1: 2ba489657ea9b82d76a5398f80bb31e2cfec6294
SHA256: d15344ff431c8df1a1de0618b7e0f4dfee59999eb7f26de6d462cc9c8e80a54a
SHA512: 56e439f76b9b073e8b575accab64ca2d98c7a4de9a6c0df1d66247fdc2d3f3add250b1bc4a140bc06d72c2436be6e0766a64e4705386de06335539ba50ab9bb1

Formbook Payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext