General
-
Target
MajorRevision.zip
-
Size
263KB
-
Sample
230515-q2t2rsea7t
-
MD5
9291d9163cab80c9242879edc953e682
-
SHA1
19eb9e1a2183a1adb66c2fa1931324f955a94b12
-
SHA256
e3ec495aaad03bf794158b4503c20f8794614c960288fc6f6343ab174d213bf7
-
SHA512
883f1abed42b33fcf4f2b7d6a8fdef966a606c181bcf73e2d036909075b663234a20bd98cf6059c29be8e78d0bb3c43031e7e4a479a207907f8a81f09a4b27b8
-
SSDEEP
6144:F1Dgy1ZHuv1Hz2GM39bdOuGJnAJ7obJKANBEBP8EX8TrOjtE7cniwXHpEUocJsHM:FJlHK1HIGnJnAJ7obJKANBEB0LTrOJEA
Static task
static1
Behavioral task
behavioral1
Sample
MajorRevision.exe
Resource
win7-20230220-en
Malware Config
Extracted
formbook
4.1
m82
jamesdevereux.com
artificialturfminneapolis.com
hongmeiyan.com
lojaderoupasbr.com
yit.africa
austinrelocationexpert.com
saiva.page
exitsategy.com
chochonux.com
klosterbraeu-unterliezheim.com
byseymanur.com
sblwarwickshire.co.uk
brazimaid.com
ciogame.com
bronzesailing.com
dwkapl.xyz
022dyd.com
compassandpathwriting.com
alphabet1x.com
selfcleaninghairbrush.co.uk
power-bank.co.uk
kickskaart.com
baumanbilliardsnv.com
bestcp.net
doghospitalnearme.com
mixano.africa
helarybaber.online
illubio.com
ciutas.com
ldpr33.ru
killtheblacks.com
cassino-portugal.com
danhaii.com
gvtowingservice.com
let-travel.africa
dental-implants-67128.com
facetaxi.xyz
ctjh9u8e.vip
kyosaiohruri.com
executivepresencetrainer.com
greatharmony.africa
feelingsarereal.com
devopsuday.club
happiestminds-udemy.com
fittingstands.com
happyhousegarment.com
24daysofheaven.com
herhustlenation.com
xn--oy2b27nt6b.net
hothotcogixem.online
hausmeisterservice-berlin.net
hjddbb.com
stoutfamilychiro.com
bookishthoughtsbychristy.com
gibellinaheartquake.com
8cf1utrb6.xyz
patrick-daggitt.com
ebcbank.net
angel909reviews.com
arcteryxsouthafricaonline.com
cutematvhy.com
art2z.com
bulkforeverstamps.com
heatbling.com
despachocontablequinsa.com
Targets
-
-
Target
MajorRevision.exe
-
Size
348KB
-
MD5
93b2754b3afa34b828cb071f036a8d31
-
SHA1
db5fe2d1ac4bebb309b76dfa01dd6024152d8963
-
SHA256
42dc8c1b59e676d065485a22fb11939ad1eac5114d0aba1e841cc404ebc08305
-
SHA512
627109227413f4caa4390a203a6cac2a526656f7a7cd2bb8dbafc6ede6f6af4f7646a19c67a30568374e331c2671286244482c9d44416069997838876bae4db4
-
SSDEEP
6144:AKWU8NrrXs+WsHmwZTbiDXRGgXn7jto/miDSEMZGlEjqZSHeQbn:AU8pIdxn7jevD1XM
-
Formbook payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-