General
- Target: RECIBO MTCN_1.rar
- Size: 279KB
- Sample: 230329-n8lmvsgb95
- MD5: fbfbcba8a1d2462e7f1f8793b6fe9178
- SHA1: 207bf75a2b565c00602e34a476a74080019634d1
- SHA256: 679c58fc25dfa08328646f05caf3961ce47473ed96a2afe0c1598a5379863103
- SHA512: 820d94e84d1b23a06f779ba60caa1056d881f621a81cd41d7508a5282525d77b770174e5fd825dcff4ad8f613b1f17dad073c0f879d66416f465dee699e54ae8
- SSDEEP: 6144:N0XHzSYSiWWe6r6HwDqyXYjyUZMnw1fsM7EBNnjZL1n8D9f:N8S3WIHyqyIZYbnlxS9f
Static task: static1
Behavioral task: behavioral1
- Sample: RECIBO MTCN.exe
- Resource: win7-20230220-en
Malware Config
Extracted
formbook
4.1
ke03
fastartcustom.com
ikanggabus.xyz
aevum.ru
lacarretapps.com
arcaneacquisitions.net
fuulyshop.com
bloodbahis278.com
bullardrvpark.com
cowboy-hostel.xyz
empireoba.com
the-windsor-h.africa
help-desk-td.com
dofirosols.life
efefarmy.buzz
kewwrf.top
autoran.co.uk
moodysanalytics.boo
kulturemarket.com
ffwpu-kenya.com
heykon.com
blueskyauberge.com
hiroseringyou.com
capitolau.com
apiverity.com
ashcroftbathco.co.uk
khalifa-dubai.com
emailstodollars.com
efeffluttering.buzz
digitapursuit.com
baburg.com
betterworldmarketing.shop
kopaczynska.com
damonandlovell.com
jingchuangroup.com
duodianji.com
shengguangxinxi.com
lifestylemotoring.co.uk
bartoncourt.org.uk
girldatefy.com
conradrawford.click
nextratedmusic.africa
jehucapital.com
aceproductions.net
almasrd.com
complstein.com
cb5dj.com
glifingcr.com
beatsbyche.com
bejaiasoisobservateur.com
lqdwqy.top
frykuv.xyz
huxiaotangtattoo.com
installinverter.africa
credeo.uk
ciaottanperu.com
ilovemeta.vip
hpid.co.uk
67812.vet
avs-omsk.online
starshiptroopers.net
cryptoplaza.app
lingshiol.com
honorglasspackaging.com
cannabismapsny.com
bakkenmetkinderen.com
Targets
- Target: RECIBO MTCN.exe
- Size: 294KB
- MD5: 9a28fed41f2ac3aff59ffdde4a752434
- SHA1: 08c829e972d92ff9d6386c25014dcda629165ecf
- SHA256: 29cabc4d11ff9dc55301ff8d60eb06d1e1ec9c2509910ceda522e84ab4e240f8
- SHA512: b602bc23d493432093d80a75812d41543f77aea591ee68472bdc7f5e9f4a867989ab09b8cd775ddae2e73585bf776c1358c70fb6aca78388c6729b56ce9e8b40
- SSDEEP: 6144:/Ya6uP3tS22mHJp2HJpuK9dw4ax7C+nfZu5tCt4J4p5yXc/DOaK:/YY/tS2xUqKc4al3ns5ktS44YqaK
- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext