General
Target: E-dekont.pdf.exe
Size: 259KB
Sample: 230323-h931msgb9z
MD5: d40c752afda958acd686a4cdc7d6ae9f
SHA1: 026b08860087225aef946bf2d57659c9fb839287
SHA256: 60d85cc9cdf5ea1c43d698843974eb8ed2a5acb05443ab1a0d24e237438a5b7b
SHA512: eb22b3267fe94bfb866a5293877a4100e7f4dd5825cec2ad1875b33e5d711eb4a4258e27ae73e7df28d38a687e372163013c6a41437f7b2e5ae676aa2569e811
SSDEEP: 6144:PYa6FB67K+gdNGetVdBOrpZWcTUDMDJ+p5lAlnTnc4gexmTnQvx:PYPBKK+ylrCpZWdADJYalTxx
Static task: static1
Behavioral task: behavioral1
Sample: E-dekont.pdf.exe
Resource: win7-20230220-en
Malware Config
Extracted
formbook
4.1
me29
Targets
Target: E-dekont.pdf.exe
Formbook payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext