General
-
Target
v0hRSGca3D2Z7cW.exe
-
Size
779KB
-
Sample
240428-kxqwnacd4t
-
MD5
79869ac2557f532c7db50785f59f8057
-
SHA1
4458bc01d37a3a3feb24b8da5b9f8190356c59d8
-
SHA256
6465b2c5702a723c7229e33fdf38676e3b0e0049b5b632e2fe6e210713f6a7e7
-
SHA512
b2079da931d878accc6c2f7f81f07b313689bcbeccb7319a3b1fac7dcf3abfc44406a40d48215bd8d74519bed1d266a3ccb81549b5fe14bd41c4600698647fea
-
SSDEEP
12288:HuqnHvjNIrpf9rN/mc/ChYgp70NtH95FYIqe17df6dFFHCApvlmJg0kR:H7PjKr5BNDUYgl8tdDY1qBf6d/HCApdr
Static task
static1
Behavioral task
behavioral1
Sample
v0hRSGca3D2Z7cW.exe
Resource
win7-20240215-en
Malware Config
Extracted
formbook
4.1
be03
458q14v4ams2.com
priceoctopus.com
betinplay.xyz
bcnd.xyz
1510soliveavenue.com
mcdpropertypros.com
reddcrownexpress.com
rewardlabs.shop
burenbrand.com
revand.io
tractionendurancecoaching.com
jotaerreshopp.com
shopboyg.com
dakor.shop
groundswellmag.life
nehagadodia.com
dancarellibizbroker.com
meconline.co
ttmq.cc
thegoldenyouph.com
poolcenter.store
portalesexpress.com
okltyf.xyz
wnkj001.site
wltk.site
nexosmedic.com
cartell.app
yteam.tech
gpt-toolbox.io
plexirecruiters.com
beerattraction.com
11111bet365.com
24laura.info
stupididiotmoron.com
test-igot.com
gramotnosti.store
truck-driver-jobs-2024.online
fundedxprop.com
xpendly.cc
mobtruecrime.com
3051harborview.com
6891ybfh.xyz
growthpfad.com
sygtrainings.com
fastgrowthleads.com
kiwiceleste.store
fidesinvicta.com
oneupmushroom.store
socialsellingbootcamp.com
dy-gmvrp.xyz
d3cargo.com
6ixsoft.com
fengyuncq.com
stmerry888.com
yahliker.online
numoneypro.com
jadediver.com
lauvhoney.com
oirdesign.com
robobussy.com
healthstartsinyour20s.com
roofing-jobs4-in-205nz.today
alexisfennillustration.com
abandoned-houses-se-0.bond
j88.kids
Targets
-
-
Target
v0hRSGca3D2Z7cW.exe
-
Size
779KB
-
MD5
79869ac2557f532c7db50785f59f8057
-
SHA1
4458bc01d37a3a3feb24b8da5b9f8190356c59d8
-
SHA256
6465b2c5702a723c7229e33fdf38676e3b0e0049b5b632e2fe6e210713f6a7e7
-
SHA512
b2079da931d878accc6c2f7f81f07b313689bcbeccb7319a3b1fac7dcf3abfc44406a40d48215bd8d74519bed1d266a3ccb81549b5fe14bd41c4600698647fea
-
SSDEEP
12288:HuqnHvjNIrpf9rN/mc/ChYgp70NtH95FYIqe17df6dFFHCApvlmJg0kR:H7PjKr5BNDUYgl8tdDY1qBf6d/HCApdr
-
Formbook payload
-
Suspicious use of SetThreadContext
-