General
-
Target
7c772a450cabca67d3a26705253f64e94188478c13edfabd5e664c4ba8313bdf
-
Size
1.6MB
-
Sample
220724-sl3p3sgea3
-
MD5
ebd122da55fa80d44675eac85acde174
-
SHA1
2fae562525109254ba01034ad6ded13e09caaa25
-
SHA256
7c772a450cabca67d3a26705253f64e94188478c13edfabd5e664c4ba8313bdf
-
SHA512
0684b6061f6b34f726d793e8d8b4acf3e6e2cc1f1c0bdb139e95408844ade4e83eb210b6e2b3946d0ed44cef6b5a5c3ddf8df2c83289ec283761615c671c4311
Static task
static1
Behavioral task
behavioral1
Sample
7c772a450cabca67d3a26705253f64e94188478c13edfabd5e664c4ba8313bdf.exe
Resource
win7-20220718-en
Malware Config
Extracted
formbook
3.9
kb
dardacha.info
zhiyun-ukraine.com
younganalvirgins.com
clubwaka.guide
frasesdolivroolharmaligno.com
494tox.info
vets.expert
unlock-payment-billing.com
carlooks.win
adolescancerecklessness.com
canadawednesday.site
musicforpictures.net
les-santolines.com
bankrott.tips
kngco.info
www9921o.com
smarterprotection.info
prophcorehosting.com
yoohoo.site
busbed.date
gafu.ltd
sackmonsters.com
customerservicespy.com
studiostraccio.com
ehuansp.com
rrfunds.com
42cassino.com
monroute.com
51kufang.net
commservemarketing.com
mlsda.com
dipnotiqconcepts.com
99988nnn.com
djhwqxw.com
qdbangshi.com
minoshima-seikotsuin.com
coffeesedona.com
lowcarbgiantess.com
crypto4less.com
qeijwm.men
cannachocolata.net
shkjlx.info
ladslads.net
petfood-good.online
bw1280.com
bankdirectorsinstitute.com
ergotherapiewerkstatt.rehab
juliabfluz.com
windowfx.net
carniger.com
affairs.trade
hsw666.com
doonlinedatingswow.live
saliqamag.com
theradomethailand.com
bendigopress.com
wildflowerco.com
transactioncoordinator365.com
thriftycanvas.com
invisi-shield.net
sarap7.com
mimihwa.com
hyginusaqueous.cricket
pm-3.online
kervax.com
Extracted
Protocol: smtp
Host: smtp.mail.com
Port: 587
Username: [email protected]
Password: kelechi1
Targets
-
-
Target
7c772a450cabca67d3a26705253f64e94188478c13edfabd5e664c4ba8313bdf
-
Formbook payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-