General
Target: clientIC.bin.zip
Size: 216KB
Sample: 221130-lmc3gsca2x
MD5: c8ebc40be0a92b4412ad0a862ab26cab
SHA1: 784c62aa4ba0c1ce87c96da5f20f3e022292fe0e
SHA256: cfee1cf081f586be0dca743b2fd2e38645e14d6e897c8726b0ea164709931e92
SHA512: 35a3e5f8c45005d707ff3f2425ff10300bde4448379c253c5f261c50e1fb2d52ec505fb3d929ac6c1f678e8bb9afe53141bc9a5d82762c9a2c06d8e5607a1139
SSDEEP: 6144:U+vR+5Tzwm14ia+x/oqgR1wobIRtkpLjTeEOC:U+J+53P+miq81wobuOpLjTeEOC
Static task: static1
Behavioral task: behavioral1
Sample: clientIC.exe
Resource: win7-20220901-en
Malware Config
Extracted
formbook
4.1
wh23
Targets
Target: clientIC.bin
Size: 233KB
MD5: 6748ab9c3f718189aa1942e6465c5de4
SHA1: 872407ac71d607b1d02b1e116ce7c1a788078888
SHA256: d7cc0491b79a1024a4b9cdff777d016b9ccd6ecb7b335ccb54f61fea89e345cd
SHA512: 90710bb4a02c94c9274aa25ca67357c037475d1c7793fc9a72568e853c989a5e77587f7f7a66bcc46c89f53e3629a507d537721c234866710cabb362b79da74a
SSDEEP: 6144:5Bnuy0yPQ9aJbN6bWfO8hOXFI07pyDRAHUdTHyqiYBNBYd5PP2Tkc+:Ky0yPQ90bN6bkhI9W2rMNBYn2Ic+
Formbook payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext