General
Target: Inv.exe
Size: 326KB
Sample: 210113-gaab1e7kge
MD5: a3aba7d40da6c8c86e4e8d035803f314
SHA1: 469b36f05939d6ec6457f1b72ba9f6c7a960be06
SHA256: 1f94eb81e3cde4f677fd210e1ff7f5d06987cbdc2fa7de79e28b224e49244b40
SHA512: 2cfa59a865a8292b98fb3e8e6ae79a4613d773be87c927ba4cc8e0f034010c0e5ebd0b85a74ca02ef59d47335908bcc610a597bc9cbfbfaaf364d76f51fff2fc
Static task
static1
Behavioral task
behavioral1
Sample
Inv.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.nationshiphop.com/hko6/
Targets
-
-
Target
Inv.exe
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-