General
-
Target
E-dekont.pdf.exe
-
Size
221KB
-
Sample
221122-mc1apsdd3x
-
MD5
894125e6917b2615cc1bf3088a67a1f5
-
SHA1
58f04b7fa7c55976de27a86a620e3301863802dc
-
SHA256
44e3ed577325d16ea39deebd178c78d4022d21120a791f4c875c537fe60be2e1
-
SHA512
6fb81a5bee91bf595d48609633c071958d129325ce11716c958a6399f894c5bc16ca33a3b85c0f45640a6523342376f51501e3bb4088d6e8d6dbf23dbe619d64
-
SSDEEP
3072:WfJSq+ytGIon9KcSMhCOwEgjOFdLZkYEn9/qulHdf1YChR6EwiaKHKMybpq6fAUH:MEa0N0OhFfkYAquffemVaSKLLjM5oB
Static task
static1
Behavioral task
behavioral1
Sample
E-dekont.pdf.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
4.1
mi08
mytimebabes.com
ycpxb.com
abdkaplani.com
cloudingersoftech.com
fthfire.xyz
christyna.work
3d-add-on.com
knowyourtechdeals.com
kcl24.com
sepatubiker.com
sunnyboy.live
zrbsq.com
rinpari.com
lesac-berra.com
yes820.com
cnnorman.com
mystichousedv.com
sbobet888auto.com
gawiul.xyz
luispenas.com
whdchb.com
094am.com
fkwjs.xyz
batobo.online
mathswatchbot.com
bereketvadisi.com
additionmovies.xyz
zgqc168.com
xamango.com
1cpi1s0u7qcuj1xus5cg1fezo1k.com
b4xy.top
owicz.com
impulseamtt.com
247plumbers.monster
tradersource.online
decrimatx.com
my-vero.com
zgshdbhy.com
cab24seven.com
adultnnewspalace.com
volpi-venture.com
pixpotengi.link
zzjyswx.xyz
xn--90aiiithifm8h.com
nextdaybannerstands.com
uniquehandicraft.store
securityapp.top
mugexpert.net
magaa.xyz
omegaverse.wiki
owlsomeclothing.com
pegasuspadel.club
d-esig-n.site
alrate.top
simplyhillpisya.monster
mentawaisurfboat.com
nwjfypy.xyz
pgcbl.online
adultarivaj.com
juicyhookahinc.com
thewisestonellc.com
it32mgn.store
coco-vista.com
cremation-services-53998.com
grassi.uno
Targets
-
-
Target
E-dekont.pdf.exe
-
Size
221KB
-
MD5
894125e6917b2615cc1bf3088a67a1f5
-
SHA1
58f04b7fa7c55976de27a86a620e3301863802dc
-
SHA256
44e3ed577325d16ea39deebd178c78d4022d21120a791f4c875c537fe60be2e1
-
SHA512
6fb81a5bee91bf595d48609633c071958d129325ce11716c958a6399f894c5bc16ca33a3b85c0f45640a6523342376f51501e3bb4088d6e8d6dbf23dbe619d64
-
SSDEEP
3072:WfJSq+ytGIon9KcSMhCOwEgjOFdLZkYEn9/qulHdf1YChR6EwiaKHKMybpq6fAUH:MEa0N0OhFfkYAquffemVaSKLLjM5oB
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-