General
Target: REVISED_.EXE
Size: 761KB
Sample: 230202-j8dvssfe84
MD5: c18c92beacd7e92b9881eb2d8a56d2ad
SHA1: ed42c80e56dfb719435cc58919758a195341055b
SHA256: ed5c5ef5186a78d9dd02e7dbf36b0bcc9d6c0e733f04a6780f6bcf06dbfc3338
SHA512: ed4735fd4d07653e5bc8c7eee0b53996d36f1efed3ef52954ee2e39d51f6a08fbab5b1578fe39c3652fecdac45d665f0b295809f24bdd2cee7f10928510910a9
SSDEEP: 12288:3tz8L6gu+xMRSR5SEtKypyE4s09JtWsJIPg8zLvqsEqG4yPa:CLzyRU5Zp74so3WaCTC1qG4yPa
Static task: static1
Behavioral task: behavioral1
Sample: REVISED_.exe
Resource: win7-20221111-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: gg62
Decoy domains:
growfast.africa
lerema.com
38945.se
wheelfermotors.africa
giftshareforyou.online
burrismktg.com
keepgrowing.uk
efefhomeless.buzz
bryanokoh.com
fashion-clothing-40094.com
andreasunshine.com
naijahood.africa
aditrirealty.com
kinnoitodatsumou.com
cryptoqzclimax.com
hairly.biz
comeuphither4.com
integrity360.ltd
flushywhole.com
8869365.com
fabvance-demos.online
motherpearl.africa
dnsmctmu.com
25779.football
crimson-sunset.ru
haamyounghoon.com
0563news.com
battleb0t.site
transnetfreight.africa
djdaxroadshow.co.uk
bwrps.live
abuin.vip
impressionsbyb.store
findguyscolorado.com
jordanflowerauction.net
fdm50off.com
31seaaa.com
centuryofviolence.co.uk
againstszhanweek.com
injurylawyersconsultants.com
kuotabike.com
cruisejoy.uk
clotaire.ru
hurloic.xyz
anvair.com
ivapeonthis.com
hotsesso.xyz
khramvyazovki.store
mentalistas.dev
cahayasunnah.com
bypro1.online
flavoredkreations.info
inuwallet.com
livingemployebenefits.com
enlighthings.com
focobreathwork.com
emaskhalipahbertam.com
jswl.store
chamaera.com
abbeyspear.com
downwind.one
lovelive.buzz
essentialhealth101.com
irakit.com
cbsht.com
Targets
Target: REVISED_.EXE
Signatures
- Formbook payload
- Deletes itself
- Suspicious use of SetThreadContext