General
-
Target
Justificante de transferencia de facturas pendientes_20230731_FAC_040.exe
-
Size
667KB
-
Sample
230731-v1eynsag71
-
MD5
602d400c4c084e0d04a706769eaf0675
-
SHA1
38619ee4b91a8e6f5cd1ecee64e636309a834b38
-
SHA256
679e687ae1611a7eb7d00d06c9f8ae37b9168838c9ff9b822174f6b0de6304d0
-
SHA512
5ff0b161e4b0b3db16b3aa9e07ff71ba886b407fcf8aed40b387954e7c6bb7f84e2fe2d19763186481906c87f24dcf1f7e6e73bc3fedbcc14afa64bc3e9bf23a
-
SSDEEP
12288:y+uZdHYmJ+37GZaNSYYtEF6irFVay5JV7PteusADiji+Tqoc8wQfNr1W9:y+uDHYmQ37GZaQ+HewJpvsSOcQJw9
Static task
static1
Behavioral task
behavioral1
Sample
Justificante de transferencia de facturas pendientes_20230731_FAC_040.exe
Resource
win7-20230712-en
Malware Config
Extracted
formbook
4.1
jr22
941zhe.com
lunarportal.space
xn--osmaniyeiek-t9ab.online
trejoscar.com
nrnursery.com
quizcannot.cfd
seedstockersthailand.com
watsonwindow.com
wjfholdings.com
weziclondon.com
naruot.xyz
yeji.plus
classicmenstore.com
oharatravel.com
therapyplankits.com
keviegreshonpt.com
qdlyner.com
seithupaarungal.com
casinorates.online
8ug4as.icu
foamyfallscarwash.com
padelfaculty.com
theenergysavingcentre.com
dorpp.com
scoresendirect.online
yuqintw.com
erenortopedi.com
skymagickey.com
infinitepuremind.com
watchtamilmovie.com
southplainsinsurance.net
intentionaldating.app
certaproarkansas.com
blidai.com
thehoneybeeworks.com
followplace.com
sipsterbyananeke.com
37300.uk
bluebirdbuyers.com
composewithme.com
moneymundo.com
daftarakun.xyz
samsonm.com
nurse-jobs-in-us-35896.com
cancerbloodspecialistsga.net
feelfeminineagain.com
residentialcaretraining.com
allprocleanouts.com
englishsongs.online
bookkeepingdeerfield.com
bendcollegeadvisor.com
boaiqixian.com
vixensgolfcarts.com
igarrido.net
rsconstructiontrading.com
lakewayturf.com
carelesstees.com
silviaheni.xyz
iaqieqq.com
campingspiel.com
diacute.com
thaigeneratortg.com
autoreenter.com
meclishaber.xyz
airbnbtransfers.com
Targets
-
-
Target
Justificante de transferencia de facturas pendientes_20230731_FAC_040.exe
-
Size
667KB
-
MD5
602d400c4c084e0d04a706769eaf0675
-
SHA1
38619ee4b91a8e6f5cd1ecee64e636309a834b38
-
SHA256
679e687ae1611a7eb7d00d06c9f8ae37b9168838c9ff9b822174f6b0de6304d0
-
SHA512
5ff0b161e4b0b3db16b3aa9e07ff71ba886b407fcf8aed40b387954e7c6bb7f84e2fe2d19763186481906c87f24dcf1f7e6e73bc3fedbcc14afa64bc3e9bf23a
-
SSDEEP
12288:y+uZdHYmJ+37GZaNSYYtEF6irFVay5JV7PteusADiji+Tqoc8wQfNr1W9:y+uDHYmQ37GZaQ+HewJpvsSOcQJw9
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-