General
-
Target
ugojests09987.exe
-
Size
224KB
-
Sample
221117-2ar9msga86
-
MD5
45bfc44bb1648f19fd5db3a19be64af5
-
SHA1
3c6c37db8fbf189adb1fccebc8a52e70358a9b25
-
SHA256
788b816869fe860194e7288e7138e1efa96daea36480deb5fbb4ec5b894289b4
-
SHA512
e8e960765925f04a03ca402982ce4dff8f63d1fb34b9314c3b2ff715dfe7251f18a6ffb5bf4b97bdbfa52d8acfe5a74e4a498f4b068e6f0496f3ad6cddf16292
-
SSDEEP
3072:WfJSq+ytGIon9KcSMGBQEke0FxjRSc6qZbm91qoS7D98oyTiFccgSXvGWTbKWDOZ:MEa0NZr99K/URhyTEcLSXnb307XtGyNJ
Static task
static1
Behavioral task
behavioral1
Sample
ugojests09987.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
4.1
je14
innervisionbuildings.com
theenergysocialite.com
565548.com
panghr.com
onlyonesolutions.com
stjohnzone6.com
cnotes.rest
helfeb.online
xixi-s-inc.club
easilyentered.com
theshopx.store
mrclean-ac.com
miamibeachwateradventures.com
jpearce.co.uk
seseragi-bunkou.com
minimaddie.com
commbank-help-849c3.com
segohandelsonderneming.com
namthanhreal.com
fototerapi.online
your-download.com
klindt.one
sellerscourt.com
francoislambert.store
smokedoutvapes.co.uk
rundacg.com
flavors-and-spices-lyon.com
qifengsuo.com
sunnyislesgardens.com
tunneldutransit.com
restorecodes.website
blast4me.com
bingser.space
co-gpco.com
emporioaliwen.com
mr5g.com
abcp666.com
consulvip.net
sagaming168.info
zjpbhsuz.top
socal-labworx.com
arethaglennevents.com
rafiqsiregar.com
esgh2.com
veirdmusic.com
abzcc.xyz
8065yp.com
dronebazar.com
duetpbr.com
apartamentoslaencantada.com
digigold.info
homedecorsuppliers.com
duenorthrm.com
xmmdsy.com
ddstennessee.com
marmeluz.com
ragnallhess.com
methinelli.com
randomlymetheseer.com
magicgrowthproducts.com
shreejistudio.com
mattress-37684.com
yellyfishfilms.com
www1111cpw.com
tigermedlagroup.com
Targets
-
-
Target
ugojests09987.exe
-
Size
224KB
-
MD5
45bfc44bb1648f19fd5db3a19be64af5
-
SHA1
3c6c37db8fbf189adb1fccebc8a52e70358a9b25
-
SHA256
788b816869fe860194e7288e7138e1efa96daea36480deb5fbb4ec5b894289b4
-
SHA512
e8e960765925f04a03ca402982ce4dff8f63d1fb34b9314c3b2ff715dfe7251f18a6ffb5bf4b97bdbfa52d8acfe5a74e4a498f4b068e6f0496f3ad6cddf16292
-
SSDEEP
3072:WfJSq+ytGIon9KcSMGBQEke0FxjRSc6qZbm91qoS7D98oyTiFccgSXvGWTbKWDOZ:MEa0NZr99K/URhyTEcLSXnb307XtGyNJ
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-