General
-
Target
2022-571-GLS.exe
-
Size
268KB
-
Sample
221129-pexcyagf88
-
MD5
6cc14805bbf5e6bfb4daae5c8a61af7e
-
SHA1
34836f2aa6a4e97705352a50d2a7147c857fea94
-
SHA256
029d4fe47cb21a8f4e1dbe1863cf43cba6ac777e008b9675d381fda82986196b
-
SHA512
5f1bb5a77d471e49e15ff414b24ac89858e5458884f8f672a92376434dd9363e6d80146d6448b4ee0233c70531f58c4c7d431d9f873e6d1a2fdacf680479b2c6
-
SSDEEP
6144:QBn14u11x6y/QH2tw81qVegiZU/S4RaXFKia7ZiOfu:g4uRX4WvqMgiZgSXFKhZiO2
Static task
static1
Behavioral task
behavioral1
Sample
2022-571-GLS.exe
Resource
win7-20220901-en
Malware Config
Extracted
formbook
4.1
b31b
deltafxtrading.com
alisonangl.com
cdfqs.com
easyentry.vip
dentalinfodomain.com
hiphoppianyc.com
pools-62911.com
supportteam26589.site
delldaypa.one
szanody.com
diaper-basket.art
ffscollab.com
freediverconnect.com
namesbrun.com
theprimone.top
lenzolab.com
cikmas.com
genyuei-no.space
hellofstyle.com
lamagall.com
hallmarktb.com
hifebou7.info
sex5a.finance
printrynner.com
powerrestorationllc.com
hirefiz.com
uninvitedempire.com
alpinemaintenance.online
ppcadshub.com
looking4.tours
dirtyhandsmedia.com
capishe.website
cachorrospitbull.com
mythic-authentication.online
nordingcave.online
gremep.online
tryufabetcasino.com
premiumciso.com
powerful70s.com
myminecraftrealm.com
bssurgery.com
steel-pcint.com
iokailyjewelry.com
barmanon5.pro
kcrsw.com
9393xx38.app
kochen-mit-induktion.com
indtradors.store
giaxevn.info
trungtambaohanhariston.com
fulili.com
crgabions.com
matomekoubou.com
duaidapduapjdp.site
invissiblefriends.com
cy3.space
idqoft.com
jamal53153.com
lemagnetix.com
anthroaction.com
uspcff.top
supplierdir.com
counterpoint.online
zarl.tech
cdlcapitolsolutions.com
Targets
-
-
Target
2022-571-GLS.exe
-
Size
268KB
-
MD5
6cc14805bbf5e6bfb4daae5c8a61af7e
-
SHA1
34836f2aa6a4e97705352a50d2a7147c857fea94
-
SHA256
029d4fe47cb21a8f4e1dbe1863cf43cba6ac777e008b9675d381fda82986196b
-
SHA512
5f1bb5a77d471e49e15ff414b24ac89858e5458884f8f672a92376434dd9363e6d80146d6448b4ee0233c70531f58c4c7d431d9f873e6d1a2fdacf680479b2c6
-
SSDEEP
6144:QBn14u11x6y/QH2tw81qVegiZU/S4RaXFKia7ZiOfu:g4uRX4WvqMgiZgSXFKhZiO2
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-