General
Target: waterlac4.1.exe
Size: 772KB
Sample: 221213-hw5bjseb95
MD5: 1711e869b92ee00965b3ee9137b1661a
SHA1: 18bcf67094b11883c1f97bbec77ba7322cb1fbe1
SHA256: 2c75e868a52c52b94d15f6df36dfb1eb5522418c61f8a9081319855fb302e403
SHA512: 263da213a81c7bf108dd60e5a8c1fcd8deffa682e24b403b20728daf0754f66261be91c46f0434a0bd899eb9894d4b26615992908d7c91f1532ba32921fba088
SSDEEP: 12288:sBlMPUUGCBBy9HYQxFVqpjEUHf1vfwHLRGk/TwyDlmaWOuu6ri43uQ:kCBByp1HQjqrRGkdDkg6v3F
Static task: static1
Behavioral task: behavioral1
Sample: waterlac4.1.exe
Resource: win7-20221111-en
Malware Config
Extracted
formbook
4.1
8rmt
Targets
-
-
Target
waterlac4.1.exe
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-