General
Target: RECEIPTT.exe
Size: 267KB
Sample: 230211-ewyl8acg7s
MD5: e38c4b7f5de2846f89e8e061df8731c6
SHA1: bfd739aaebc057290b3cae29935017df979ab8fd
SHA256: 9ebd42be2d0f505ae863efdf099bd29f7058ec11077db24fb97c5683eb8df9fb
SHA512: c254b24d62e648a9e53762da451de39431dc246a5e029775df2a4b91bc21d2b8d40c928a682c472087d5ce0a73c83c485f1e0fbb7ec10c8267fa7158d969cd7e
SSDEEP: 6144:/Ya68EOX/D62/LlUP80HILUNnKx1yl4QKopM0Pdlo:/YyjvW2DlUBvnKx1ylPq0Fq
Static task: static1
Behavioral task: behavioral1
Sample: RECEIPTT.exe
Resource: win7-20220812-en
Malware Config
Extracted: formbook 4.1 ke03
Targets
- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext