General
-
Target
new.exe
-
Size
423KB
-
Sample
230220-ph937sad6y
-
MD5
d00138d4097d9e64a13f408bb7441b4f
-
SHA1
e7d7447a48917bb0090f4d2f80148006f91d8228
-
SHA256
1954e5d17d12c8b4fabdb74dec7e0001ce7a5143052430155668111e1e4039cf
-
SHA512
f7a3f7c59888edc4270bb31c65bd6d25d43b16d6835d3638f1693fb0fbbef1f09aa7512f7e41bf455fd96a5cb029d491d8a33b1b727c00793134fda92b933ff4
-
SSDEEP
6144:jYa6DVGiehYrkn1BvF7f9wINRpJpkSsysPN4SoR/tbr/k63U/sO1i8FlTdI3:jYxVNeug7f9wITdkSsV43dI6E/Hfs
Static task
static1
Behavioral task
behavioral1
Sample
new.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
4.1
ho62
aqawonky.com
ancachsroadsideassistance.com
artologycreatlive.com
olesinfo.africa
lovebreatheandsleep.com
friendsofdragonsprings.com
homecomingmums.wiki
hg222.bet
precision-spares.co.uk
generalhospitaleu.africa
touchstone4x4.africa
dynamator.com
dental-implants-52531.com
efefear.buzz
bentonapp.net
89luxu.com
bridgesonelm.com
acesaigon.online
instantapprovals.loans
evuniverso.com
kasoraenterprises.com
instasteamer.com
granolei.com
iamavisioniar.site
beachexplo.com
ynametro.com
littlegallery-rovinj.com
27og.com
horrorcity.online
zexo.africa
perdeumane.com
drugsaddiction.co.uk
tickleyourfancy.africa
jimyhq.top
rajputnetwork.co.uk
lacuspidehn.com
bestxdenotecyby.top
gg10siyahposet.xyz
biorigin.co.uk
jye-group.com
digito.exposed
eternalstw.com
schjetne.dev
climateviking.com
easysaldoya.xyz
1233332.xyz
centerverified.online
lezzetyemekfabrikasi.com
wzshayang.com
cloudadonis.com
zxpz6.com
alifecube.com
induscontrolpcb.site
golfingineurope.com
ducksathomephotos.com
aimeesbellaboutique.com
justrebottle.com
hachettejeunesse.pro
238142.com
casabiancapanama.com
dohenydesalination.com
1-kh.com
cdhptor.xyz
island6.work
ehirtt.com
Targets
-
-
Target
new.exe
-
Size
423KB
-
MD5
d00138d4097d9e64a13f408bb7441b4f
-
SHA1
e7d7447a48917bb0090f4d2f80148006f91d8228
-
SHA256
1954e5d17d12c8b4fabdb74dec7e0001ce7a5143052430155668111e1e4039cf
-
SHA512
f7a3f7c59888edc4270bb31c65bd6d25d43b16d6835d3638f1693fb0fbbef1f09aa7512f7e41bf455fd96a5cb029d491d8a33b1b727c00793134fda92b933ff4
-
SSDEEP
6144:jYa6DVGiehYrkn1BvF7f9wINRpJpkSsysPN4SoR/tbr/k63U/sO1i8FlTdI3:jYxVNeug7f9wITdkSsV43dI6E/Hfs
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-