General
-
Target
ODBIÓR MTCN.exe
-
Size
341KB
-
Sample
230328-q3h1wsda4t
-
MD5
36795a69031d90410d834ad79b3c43e6
-
SHA1
2ffcc154f19ece4f42d25f3d37fade1d7312e388
-
SHA256
0ca1816f2c6bc6bb3e9dc4f32b36211472bf4d737d561e9c0a2d67ad38f474a2
-
SHA512
f745df8db8ddbbc0658ee29cf420c5d5e8773be3a13fc1f055dc222d2f937f251a99db1477982594edbdc78d0decb8d8c9f5aa1feefbbe67a372979273c52882
-
SSDEEP
6144:/Ya6OjgM/tPAQTVtnJJgl1wPUOCDpTzt9FD4QbCZv1bfJqy1z2Ek9gqCiGw:/YI0M/JrWiPiTz9UrZZKEMgQGw
Static task
static1
Behavioral task
behavioral1
Sample
ODBIÓR MTCN.exe
Resource
win7-20230220-en
Malware Config
Extracted
formbook
4.1
ke03
fastartcustom.com
ikanggabus.xyz
aevum.ru
lacarretapps.com
arcaneacquisitions.net
fuulyshop.com
bloodbahis278.com
bullardrvpark.com
cowboy-hostel.xyz
empireoba.com
the-windsor-h.africa
help-desk-td.com
dofirosols.life
efefarmy.buzz
kewwrf.top
autoran.co.uk
moodysanalytics.boo
kulturemarket.com
ffwpu-kenya.com
heykon.com
blueskyauberge.com
hiroseringyou.com
capitolau.com
apiverity.com
ashcroftbathco.co.uk
khalifa-dubai.com
emailstodollars.com
efeffluttering.buzz
digitapursuit.com
baburg.com
betterworldmarketing.shop
kopaczynska.com
damonandlovell.com
jingchuangroup.com
duodianji.com
shengguangxinxi.com
lifestylemotoring.co.uk
bartoncourt.org.uk
girldatefy.com
conradrawford.click
nextratedmusic.africa
jehucapital.com
aceproductions.net
almasrd.com
complstein.com
cb5dj.com
glifingcr.com
beatsbyche.com
bejaiasoisobservateur.com
lqdwqy.top
frykuv.xyz
huxiaotangtattoo.com
installinverter.africa
credeo.uk
ciaottanperu.com
ilovemeta.vip
hpid.co.uk
67812.vet
avs-omsk.online
starshiptroopers.net
cryptoplaza.app
lingshiol.com
honorglasspackaging.com
cannabismapsny.com
bakkenmetkinderen.com
Targets
-
-
Target
ODBIÓR MTCN.exe
-
Size
341KB
-
MD5
36795a69031d90410d834ad79b3c43e6
-
SHA1
2ffcc154f19ece4f42d25f3d37fade1d7312e388
-
SHA256
0ca1816f2c6bc6bb3e9dc4f32b36211472bf4d737d561e9c0a2d67ad38f474a2
-
SHA512
f745df8db8ddbbc0658ee29cf420c5d5e8773be3a13fc1f055dc222d2f937f251a99db1477982594edbdc78d0decb8d8c9f5aa1feefbbe67a372979273c52882
-
SSDEEP
6144:/Ya6OjgM/tPAQTVtnJJgl1wPUOCDpTzt9FD4QbCZv1bfJqy1z2Ek9gqCiGw:/YI0M/JrWiPiTz9UrZZKEMgQGw
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-