General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.26437.23955.exe
-
Size
717KB
-
Sample
230109-czrlzacg46
-
MD5
bf58c02807353031eaf12166a845c206
-
SHA1
7bc87a392cf8988a0c1eca424c55cbfeb0949a7c
-
SHA256
02e7ca0e694809b46db1bf660d425961e29e328da5b77b2c0bf1ad11e5d780a0
-
SHA512
f57e49dd1ed451ad4cb098ceea6e55830e3276718d969219d7212caa00456f2a14561d7b4fda5e859bf57195e532005c09eaf566cece008534527eef450fc79c
-
SSDEEP
12288:KuTNjObWmqq66R7832Jv1cWUnxuchyizDqnJD6JzmUikMvm/USIdjp/vm:Kucbqel9UnCiXqB6JzkkMvbv
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.26437.23955.exe
Resource
win7-20220901-en
Malware Config
Extracted
formbook
4.1
ndgi
Targets
-
Formbook payload
-
Suspicious use of SetThreadContext
-