General
-
Target
Ordem de compra confirmada OC 215 Nortaluga Lda 08082023.exe
-
Size
806KB
-
Sample
230809-v8wamaff3v
-
MD5
5f41a9b656d58e1490e0689dfcbac025
-
SHA1
4f604324498d3b23c410f50cb20f4c7d0077115d
-
SHA256
b289fe67b0185e1ba0177f583675ce399772bf03fd813d47835c45427f71fbf0
-
SHA512
4246060c3885ce954b70252f68d7bd293672940c75a2a3a2fed7179320256239bd2bda1daaf89ecaf8b54be89f211ce799acd41d6fd2481c2e2e6a1b3fdc5e4a
-
SSDEEP
24576:Kik1oB0qnJjJuNXMJSCLAN548K7r26mgTlZ3:KikaBj7JYN548e26mi
Static task
static1
Behavioral task
behavioral1
Sample
Ordem de compra confirmada OC 215 Nortaluga Lda 08082023.exe
Resource
win7-20230712-en
Malware Config
Extracted
formbook
4.1
jr22
941zhe.com
lunarportal.space
xn--osmaniyeiek-t9ab.online
trejoscar.com
nrnursery.com
quizcannot.cfd
seedstockersthailand.com
watsonwindow.com
wjfholdings.com
weziclondon.com
naruot.xyz
yeji.plus
classicmenstore.com
oharatravel.com
therapyplankits.com
keviegreshonpt.com
qdlyner.com
seithupaarungal.com
casinorates.online
8ug4as.icu
foamyfallscarwash.com
padelfaculty.com
theenergysavingcentre.com
dorpp.com
scoresendirect.online
yuqintw.com
erenortopedi.com
skymagickey.com
infinitepuremind.com
watchtamilmovie.com
southplainsinsurance.net
intentionaldating.app
certaproarkansas.com
blidai.com
thehoneybeeworks.com
followplace.com
sipsterbyananeke.com
37300.uk
bluebirdbuyers.com
composewithme.com
moneymundo.com
daftarakun.xyz
samsonm.com
nurse-jobs-in-us-35896.com
cancerbloodspecialistsga.net
feelfeminineagain.com
residentialcaretraining.com
allprocleanouts.com
englishsongs.online
bookkeepingdeerfield.com
bendcollegeadvisor.com
boaiqixian.com
vixensgolfcarts.com
igarrido.net
rsconstructiontrading.com
lakewayturf.com
carelesstees.com
silviaheni.xyz
iaqieqq.com
campingspiel.com
diacute.com
thaigeneratortg.com
autoreenter.com
meclishaber.xyz
airbnbtransfers.com
Targets
-
-
Target
Ordem de compra confirmada OC 215 Nortaluga Lda 08082023.exe
-
Size
806KB
-
MD5
5f41a9b656d58e1490e0689dfcbac025
-
SHA1
4f604324498d3b23c410f50cb20f4c7d0077115d
-
SHA256
b289fe67b0185e1ba0177f583675ce399772bf03fd813d47835c45427f71fbf0
-
SHA512
4246060c3885ce954b70252f68d7bd293672940c75a2a3a2fed7179320256239bd2bda1daaf89ecaf8b54be89f211ce799acd41d6fd2481c2e2e6a1b3fdc5e4a
-
SSDEEP
24576:Kik1oB0qnJjJuNXMJSCLAN548K7r26mgTlZ3:KikaBj7JYN548e26mi
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-