General
Target: REVISED PURCHASE ORDER.rar
Size: 792KB
Sample: 230208-rlp9baah4t
MD5: 714b07a7853bbd40899905e1eed3ef9c
SHA1: 3a25e3b33e3447ba45e08c33d9f66294f32d75eb
SHA256: 553e1b3e0681bff4b2e85cefba1ea7ed48c5161c682f8fe3e5346a266b2b2c7d
SHA512: 83ea0275c48055f3e99acb49bc2167e76059745987db77ed819b8b35d91d4b0117bd450a07b658a78615504bd5057c40b118245603a34bd1309dffe0bd3c9513
SSDEEP: 24576:OC6SVdP6AD0Z5PiO+rW/HqAcpeaCywDUVLbP76Z:OCf99reqxdz9fK
Static task: static1
Behavioral task: behavioral1
Sample: REVISED PURCHASE ORDER.exe
Resource: win7-20221111-en
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: gg62
Domains: 65 domains extracted from the configuration
Targets
Target: REVISED PURCHASE ORDER.exe
Size: 913KB
MD5: 41ab5bbead147ca7db73d398076e3fd9
SHA1: a0ebaff7957bf8799a03cca6ac70e8231d75eeec
SHA256: 686802626b55d584dba9bb97f1a9c6b61cdb1f56ab9362cb57b333109ed3a486
SHA512: 9b451126a7d5e90c51b560f6e0f6699741d7d7f32756eb9e05a2d38f6a3bd14ae540781b4d874a0e3db5e4650a588296892a12e09e78fff62cfb414f2ee01b3e
SSDEEP: 24576:l1BFwfrxN5IC54TWM/G9PXswdhfi+KOE9udmifzoaAneetX:lSjtgi55cw6+zOQmifze
Signatures:
Formbook payload
Deletes itself
Suspicious use of SetThreadContext