General
Target: Transfer Request_pdf.exe
Size: 261KB
Sample: 221128-rvetyaaf22
MD5: 5083abe9d59d3fa08c31af8a52a6fc52
SHA1: 0a321017cb103515232af89c9648c5b0423d603f
SHA256: 030e7b505d912efbdebba3bd4c0783f029d8bd4caf54ecf988427e47cdea0b16
SHA512: 3e16697e5ec1a06476a17147abfc1995ddd6620bb6a60351e2a8cd8077137af67d6b11ff4d08f618676b98d6797a75ff175750624546bc84e4eb9f3ae7a02b45
SSDEEP: 6144:QBn1jjE5+EdKaAHyu/IVOzxjl9ZY1X7lOlSrXhZ1zanK29tr1HEQwo+:gjw5+EXBugVO9L+1X70wr71eHH+o+
Static task: static1
Behavioral task: behavioral1
Sample: Transfer Request_pdf.exe
Resource: win7-20220901-en
Malware Config
Extracted
formbook
4.1
sy01
Targets
-
-
Target
Transfer Request_pdf.exe
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-