General
- Target: Confirm!!.exe
- Size: 857KB
- Sample: 230125-nyz3hafh47
- MD5: 1955205499dfe38428db18133d0c6281
- SHA1: 293c44a29a18f99a06fa38ec8d746d1ff19778b3
- SHA256: c104d364eec79cad7a9c9040ff30d46e6b2bf694b3c8f80130bb599345fc3d76
- SHA512: 80e01e276e50faff6fcc014f182ee78ac65c158ce36b39577243f5b6cbd7d68beff76195c423aaa27d5d9ec5ca40e8f0b8a99a3418730043c4152102aa2f5d9a
- SSDEEP: 12288:7t4ucOMtEwcU3gZ+GQzjkATGdsp2EHiTZikOFBUif634eG8BSGlhWBr:ZTcO6AAgZbQzlGs2qiOFBUHo8B5Ux
Static task
- static1
Behavioral task
- behavioral1
- Sample: Confirm!!.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: he2a
Targets
- Formbook payload
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext