General
- Target: 40ee2027d06e0a2ed12888c0e64c43a501ac7f81709625eb1ed61e5b0e43f865
- Size: 490KB
- Sample: 221130-tznzhsff94
- MD5: 204da52ffbac84b1067d3ee2d06a8b15
- SHA1: 05672de9a26d7cb5cfd408f06bc50e71265f32f3
- SHA256: 40ee2027d06e0a2ed12888c0e64c43a501ac7f81709625eb1ed61e5b0e43f865
- SHA512: 0989cf3b1de4c71e664471cfb9ff783c250e8d251e1438dd01815f8ee3d7103b9b55dd8dfaf374e0ce1ec2c605efc3cb6f8f46df9a9e209ee5638fb0762296b5
- SSDEEP: 6144:MTDMAYloj1/L8YEAQwgG5hUf+uJ18yL3gfDj3f4acR2RzqmCGujxggwHDU1W8:+DMAzjN4YEAFKmE0fbcgcVwg1W8
Static task
- static1
Behavioral task
- behavioral1
- Sample: 40ee2027d06e0a2ed12888c0e64c43a501ac7f81709625eb1ed61e5b0e43f865.exe
- Resource: win7-20221111-en
Malware Config
Extracted
formbook
4.1
pep
whitelabelgraphics.pro
futureguidefilms.com
mission-duplex.com
rutherealty.com
acehardwaremall.com
potenb.com
tbhawt.com
momentum-ip.group
m8sr8s.com
cfwagner.com
umiyama-eri.com
klantenvinden.com
simplycasd.com
visionhomerecruiting.com
inkjet-material.com
banking-aib.com
fast1performance.com
eventsbyja.com
breuer.network
smartecelectronics.com
vtbunkie.com
lexingtonclarke.com
ayintapbaklava.com
sugarstyleearrings.com
caiyanxi.com
the2mblueprint.com
bakldx.com
7choicesar.com
jesusencounterminisries.com
lamptail.com
bobkeet.com
chasingplanet.com
obernix.com
managementgpus.mobi
tcunionnet.com
hydzonised.com
jennie-espy.com
animeinkcon.com
hesovery.cool
bvilifemagazine.com
medicareworldnewsreport.net
zdrowykon.com
atenmedilatam.com
dlasso.com
7si3.com
seasonedsupport.com
29essentials.com
cnpuhang.com
yyaa2.net
neocareadvisory.com
tblsportshoes.com
chohub.com
initiationpodcast.com
architex.info
jamietylerlee.com
diusae.com
sun-go24.com
rfeap.com
safunerepublic.com
juanluanzi.com
neptuneribs.com
defocasc.com
tatilingerie.com
all-env.com
triumphantlytransformedbk.com
Targets
- Target: 40ee2027d06e0a2ed12888c0e64c43a501ac7f81709625eb1ed61e5b0e43f865
- Size: 490KB
- MD5: 204da52ffbac84b1067d3ee2d06a8b15
- SHA1: 05672de9a26d7cb5cfd408f06bc50e71265f32f3
- SHA256: 40ee2027d06e0a2ed12888c0e64c43a501ac7f81709625eb1ed61e5b0e43f865
- SHA512: 0989cf3b1de4c71e664471cfb9ff783c250e8d251e1438dd01815f8ee3d7103b9b55dd8dfaf374e0ce1ec2c605efc3cb6f8f46df9a9e209ee5638fb0762296b5
- SSDEEP: 6144:MTDMAYloj1/L8YEAQwgG5hUf+uJ18yL3gfDj3f4acR2RzqmCGujxggwHDU1W8:+DMAzjN4YEAFKmE0fbcgcVwg1W8
- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext