General
-
Target
shelamas3.1.exe
-
Size
511KB
-
Sample
221207-rk8z2aac5v
-
MD5
7994c54a4717446039c90d9f5e63d4ce
-
SHA1
18f5bc70c635da9b95e47898f0313758e225a380
-
SHA256
037d18a0489c63d5d9ba87f8ea9652c511df0787eb9d8fe361cfab7f93e03582
-
SHA512
69dc8129beeb15632ea7ea8c63d95bd1a08c8fb3aaacf7344d3ec01bd9efd9f5e6f4dd9e540c159c83a25bcf0003caa57ed944351e6a20c769e124302a0ea5af
-
SSDEEP
12288:nEUfI55vi6nBA+FrSbH/PJ8jevCPyyYmYj:npYnnBA+FG7/h8jeKPtYtj
Static task
static1
Behavioral task
behavioral1
Sample
shelamas3.1.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
4.1
sk19
21diasdegratitud.com
kx1993.com
chasergt.com
837news.com
naturagent.co.uk
gatorinsurtech.com
iyaboolashilesblog.africa
jamtanganmurah.online
gguminsa.com
lilliesdrop.com
lenvera.com
link48.co.uk
azinos777.fun
lgcdct.cfd
bg-gobtc.com
livecarrer.uk
cbq4u.com
imalreadygone.com
wabeng.africa
jxmheiyouyuetot.tokyo
atrikvde.xyz
ceopxb.com
autovincert.com
18traversplace.com
internetmedianews.com
entersight.net
guzmanshandymanservicesllc.com
gqqwdz.com
emeraldpathjewelery.com
flowmoneycode.online
gaziantepmedicalpointanket.com
111lll.xyz
irkwood138.site
abovegross.com
shopabeee.co.uk
greenvalleyfoodusa.com
dd-canada.com
libertysminings.com
baronsaccommodation.co.uk
kareto.buzz
freeexercisecoalition.com
73129.vip
avanteventexperiences.com
comercialdiabens.fun
nondescript.uk
facal.dev
detox-71934.com
kovar.club
jetsparking.com
infocuspublicidad.com
xxhcom.com
indianvoltage.com
becrownedllc.com
3744palosverdes.com
gospelnative.africa
linkmastermind.com
cotgfp.com
lousweigman.com
cantoaffine.online
debbiepatrickdesigns.com
766626.com
webcubemedia.africa
autonomaat.com
hannahmarsh.co.uk
justbeand.com
Targets
-
-
Target
shelamas3.1.exe
-
Size
511KB
-
MD5
7994c54a4717446039c90d9f5e63d4ce
-
SHA1
18f5bc70c635da9b95e47898f0313758e225a380
-
SHA256
037d18a0489c63d5d9ba87f8ea9652c511df0787eb9d8fe361cfab7f93e03582
-
SHA512
69dc8129beeb15632ea7ea8c63d95bd1a08c8fb3aaacf7344d3ec01bd9efd9f5e6f4dd9e540c159c83a25bcf0003caa57ed944351e6a20c769e124302a0ea5af
-
SSDEEP
12288:nEUfI55vi6nBA+FrSbH/PJ8jevCPyyYmYj:npYnnBA+FG7/h8jeKPtYtj
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-