General
Target: 20230324_2073053.IMG
Size: 1.3MB
Sample: 230324-ns13lsgb3z
MD5: ed17d8de65b6d173ff3cf3ade7ff73a1
SHA1: 722aa7f875fb344432dadb0082edc36a7796f617
SHA256: b5aed45d1e9d42e9fa8dc45994dfec8a11a8ecde02079e4d12da52a09ae1754a
SHA512: 76d86977b26f3639038565058c198daf6b5e28de62245a056a49a35a9d65029cc0df3cd1f8a4c27cfa14b59eb9c00165383e377b2332aa91ec191961dfa120ea
SSDEEP: 12288:CCRbds5v5x4bHO9ZrYg+9SWxLpmXT8WkTpFKklp6qW2+lHOZwdU:CCAyj+0FmD8Wk1pTUROZG
Static task: static1
Behavioral task: behavioral1
Sample: 20230324.exe
Resource: win7-20230220-en
Malware Config
Extracted
formbook
4.1
cs19
Targets
Target: 20230324.EXE
Size: 791KB
MD5: fdca43d474bf8b09efa04fee4dea2c68
SHA1: e702215560b931fa58cd5aa547072d50b2f806d1
SHA256: bb58b7a83dca5acebea46ff017834a7c95699e80cd172b056d2c0421e56ae30c
SHA512: 1d99b3cfad1484576b27530a4075654de4d9819109cb94acc7fdaa7a92c16d2cd1d748c276ff4077902d3f7ba336099fe43e69ebd7cac8fc2de3d3d146c93530
SSDEEP: 12288:yCRbds5v5x4bHO9ZrYg+9SWxLpmXT8WkTpFKklp6qW2+lHOZwdU:yCAyj+0FmD8Wk1pTUROZG
Detected phishing page
Formbook payload
Deletes itself
Suspicious use of SetThreadContext