General
Target: Documents.exe
Size: 681KB
Sample: 230515-mescwaab8y
MD5: efcce655c9185b4a1aee1f2e8aa9867e
SHA1: a1ccb86cc0d0c073d8500f498a9a5e592172e1a9
SHA256: 5a056284d1d1ed301db9889707086b4f90527b0e22965fc3a01cc1abd97a2972
SHA512: a5b5519be7fdb7955a3f90b810f81ae2d72a013946c4ca53cfc4a93843a4f2e7c9d48f3b9b8ffeb5a64428bd270e0a776b12a9df36a52086a03560fd8c9adf65
SSDEEP: 12288:DysS9HkVoHI+KSiNHiNoDupsNztjDAfB/hRinA0vocxzpiQ:3sI+BgCGi+Hjcf0AQoszM
Static task: static1
Behavioral task: behavioral1
Sample: Documents.exe
Resource: win7-20230220-en
Malware Config
Extracted
formbook
4.1
m82
Targets
Target
Documents.exe
Formbook payload
Suspicious use of SetThreadContext