General
Target: 93A60B00B3933B1D036AA791E81EFE05249C5563384F2DDD04492B6BE6563583
Size: 1.6MB
Sample: 230208-v29vfadf27
MD5: 04377905d08675dc437756ba2cdfd9fe
SHA1: 0efa33091a6aa13f0bdc77bd06a2a103f3c33455
SHA256: 93a60b00b3933b1d036aa791e81efe05249c5563384f2ddd04492b6be6563583
SHA512: bf28200e0be3ea3715654dda8b46fd2bc63f99c22ee3cd866f1c0acee25926d4fc0c7b5e2f87130e35f7b60e267dc1f963f102de1498ce8e909cfea2a8899e4b
SSDEEP: 49152:KmVBGXV62RHZq7oRc8biOoe8n45yO5CTICfF00kqfd:KmV2V62R5MoRPX4AyO5SDfF00kwd
Static task: static1
Behavioral task: behavioral1
Sample: Payment-Advice.exe
Resource: win7-20221111-en
Malware Config
Extracted
formbook
4.1
gune
Targets
Target: Payment-Advice.exe
Size: 2.6MB
MD5: 3e416710f120b91849b1878d07ecacd0
SHA1: 71eb6640520773803b0201cf4466ff57cb3ac81f
SHA256: a56fd898ced9c080955b0ee12f4d652bd1b74ddde43470e94033a288e2b97dfc
SHA512: 3dd24bbff081711efb22f9c4b056e820fbbb45722ef911c7b9bf68b91ed436b2f16af95d2970b29c1d77858f922b4e91b8f2d61856d06d31731de983a796b451
SSDEEP: 49152:l0LiB3F6szZwltsrSKYsbCNICNfoAgQflqB:l3F62ZwDqSsbODNfoAgqK
- Detect PureCrypter injector
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
- Formbook payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext