General
-
Target
e-dekont.html.exe
-
Size
213KB
-
Sample
221206-rma6saef56
-
MD5
eb9d6d2df1cbcca4f5d82c2832a7c0a1
-
SHA1
7749b8248b8da350dffa42d06763ffe5ecd5068b
-
SHA256
890f77a5e151d7e87c3a0a953f471fb964e00644b798f37b566100d61b5f35ee
-
SHA512
f7e557fae3f6376e51ed53762ea7f7bea032c91097347d04f17b1897016b3a82301d7ee3fe12835c229657617ef62cbe13eacddcf82cd2774584e2d2a0e2642c
-
SSDEEP
6144:QBn1tLOFNRnx6BSe8GtF9XMuXOPNjNu/C:gYyBSLGtXXMuXR6
Static task
static1
Behavioral task
behavioral1
Sample
e-dekont.html.exe
Resource
win7-20220901-en
Malware Config
Extracted
formbook
4.1
mi08
Targets
-
-
Target
e-dekont.html.exe
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-