General
Target: mkhg_CDE_0915.rar
Size: 293KB
Sample: 231011-pkd4jsfb7w
MD5: cf804e2fd52ef19ea1885bc8b23128b2
SHA1: 0ab7266affb47992cb48956bd1bfc11a999924dc
SHA256: f9e2630c091701b27dd620807655fce9c9db2dd36dfcf382feafd8ef165f0946
SHA512: a2350067ab37c39284554f32fcc448ca1c0ec91dc23725b6acb9d24929d8747b7ca8fd980903927743a02b06dbed5deef8cb206979ad82a6a15218bcf3953949
SSDEEP: 6144:+C23nvoVpa53ISIA7u064JAjZqc9qg8+6zVN4:723QVpEIST7u8Jc99q+iT4
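The archive and the executable it drops are two different objects with two different hash sets, so anyone re-checking this report against a local copy needs to compare the right file against the right digests. The following helper is an added example, not part of the sandbox report: it streams a file through MD5/SHA1/SHA256/SHA512 with the standard library, compares the result with the digests copied from this page, and reports which report entry (if any) the file is. SSDEEP is left out because computing it needs a third-party library; the `REPORT_HASHES` table and the `identify` function are this example's own constructs.

```python
import hashlib
from typing import Dict, Iterable, Optional, Tuple

# Digests copied from the report for the archive and the dropped executable.
# SHA512 is omitted from the table only to keep the example short; the
# functions below compute it anyway and compare whatever keys are present.
REPORT_HASHES = {
    "mkhg_CDE_0915.rar": {
        "md5": "cf804e2fd52ef19ea1885bc8b23128b2",
        "sha1": "0ab7266affb47992cb48956bd1bfc11a999924dc",
        "sha256": "f9e2630c091701b27dd620807655fce9c9db2dd36dfcf382feafd8ef165f0946",
    },
    "CDE 0915.exe": {
        "md5": "8198d6bfbb6195d1658d7949a98e33ff",
        "sha1": "f0b4a41bd7dfd3e5eda456ab88de948407e3e8db",
        "sha256": "46436c9504931b7cedc6f56121141a9cca7389258def5ccb0981b9bbe2301cc5",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(chunks: Iterable[bytes], algos=ALGOS) -> Dict[str, str]:
    """Feed every chunk to all hashers in one pass and return hex digests."""
    hashers = {a: hashlib.new(a) for a in algos}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file without loading it into memory (samples can be large)."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def verify(computed: Dict[str, str], expected: Dict[str, str]) -> Tuple[bool, Dict[str, bool]]:
    """Compare computed digests with the expected ones, case-insensitively.

    Only algorithms present in `expected` are checked; an algorithm missing
    from `computed` counts as a mismatch rather than being silently skipped.
    """
    results = {a: computed.get(a, "").lower() == v.lower() for a, v in expected.items()}
    return all(results.values()), results


def identify(computed: Dict[str, str]) -> Optional[str]:
    """Return the report entry whose digests all match, or None."""
    for name, expected in REPORT_HASHES.items():
        ok, _ = verify(computed, expected)
        if ok:
            return name
    return None


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = digest_file(path)
        print(path, "->", identify(d) or "no match", d["sha256"])
```

Run it as `python check.py mkhg_CDE_0915.rar "CDE 0915.exe"`; a file that matches on MD5 but not on SHA256 is a signal worth investigating in itself, which is why `verify` returns the per-algorithm breakdown and not just a boolean.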
Static task: static1
Behavioral task: behavioral1
Sample: CDE 0915.exe
Resource: win7-20230831-en
Malware Config
Extracted: formbook
Version: 4.1
Campaign: k13s
Domains (C2 candidates and decoys):
runbe.fun
factrip.com
zalenterprises.net
yoyufoods.com
soniakmahajan.com
jdfdht.site
provenimpact.net
hotelsmadridairport.com
avondalemclarenparts.com
champagnepelissot.com
dqnshtvn.click
barbarahensonrealestate.com
jrys117.top
amb168g.pro
zionsystem.live
highcaliberhusbands.com
dsc-marketing.com
outlemax.com
legalloanmaster.com
sky71.link
willispeng.com
guoguxin.com
087687303.xyz
ailearningprompts.com
surpcop.online
ihb4y.com
buscafincas.net
crstersite.com
ios333cbp.top
abilitytoday.news
aitechscope.com
ywx5pn.com
metasiliconvalley.com
haztutestamento.com
schrothny.com
workout.pictures
xyhbg.com
cheapagain.com
miszedbc.click
stopmichelle.net
laptopsofficial.com
arcade-games-88932.bond
premiumistudysolution.com
particlecraft.net
autoluxetrans.com
mydogandcatlover.com
annaregas.com
firstenergyconp.com
taikerism.com
dlandolfi.com
mtlywgbo.click
chordstalkstudios.com
liaozx.link
hiit4lifenorthbridge.com
maximskip.com
arcofuss.com
stoneleighview.info
nongsanvietco.com
platinum-entertainments.com
xxxmovs.world
webpanel.cfd
rrlearningcenter.com
ichsport.com
hkbnzb36a52z.xyz
landscapestandard.com
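FormBook configurations carry a long domain list of which only a few entries are live C2 and the rest are decoys, so a single DNS hit on one of these names is a triage lead to correlate with the process signatures below, not proof of infection on its own. The script that follows is an added example and not part of the sandbox report: it parses a config block in the layout shown above (family, version, identifier, then one domain per line), turns the domains into Suricata DNS rules, and runs a suffix-aware match over a few constructed DNS log lines. The `CONFIG_BLOCK` text is a truncated copy of the page's list, the log lines are invented for the example, and the rule template assumes Suricata 5+ keyword syntax (`dns.query`, `dotprefix`, `endswith`).

```python
import re
from typing import List, Optional, Set, Tuple

# Constructed excerpt of the report's "Malware Config" block. Family, version,
# identifier and the domains are copied from the page; the list is truncated.
CONFIG_BLOCK = """\
formbook
4.1
k13s
runbe.fun
factrip.com
zalenterprises.net
yoyufoods.com
jdfdht.site
dqnshtvn.click
087687303.xyz
arcade-games-88932.bond
"""

# Invented DNS log lines for the example: "<timestamp> <host> query=<qname> type=<rr>".
LOG_LINES = [
    "2023-10-11T14:02:55Z host01 query=www.runbe.fun type=A",
    "2023-10-11T14:02:56Z host01 query=updates.microsoft.com type=A",
    "2023-10-11T14:03:10Z host02 query=factrip.com. type=A",
    "2023-10-11T14:03:11Z host02 query=notrunbe.fun type=A",
]


def parse_config(text: str) -> Tuple[str, str, str, List[str]]:
    """Split a config block into (family, version, identifier, domains)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    family, version, ident, *domains = lines
    return family, version, ident, [d.lower().rstrip(".") for d in domains]


def suricata_rules(domains: List[str], sid_start: int = 9000001) -> List[str]:
    """One DNS alert per domain; dotprefix+endswith also catches subdomains."""
    return [
        f'alert dns $HOME_NET any -> any any (msg:"FormBook config domain {d}"; '
        f'dns.query; dotprefix; content:".{d}"; endswith; nocase; '
        f"classtype:trojan-activity; sid:{sid_start + i}; rev:1;)"
        for i, d in enumerate(domains)
    ]


def matches_domain(qname: str, domain_set: Set[str]) -> Optional[str]:
    """Return the listed domain that qname equals or is a subdomain of.

    Walks the label suffixes so that www.runbe.fun matches runbe.fun while
    notrunbe.fun does not (a plain endswith check without the dot would).
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domain_set:
            return candidate
    return None


def scan_log(lines: List[str], domains: List[str]) -> List[Tuple[str, str, str]]:
    """Return (host, queried name, matched config domain) for every hit."""
    domain_set = set(domains)
    hits = []
    for line in lines:
        m = re.search(r"query=(\S+)", line)
        if not m:
            continue
        matched = matches_domain(m.group(1), domain_set)
        if matched:
            hits.append((line.split()[1], m.group(1), matched))
    return hits


if __name__ == "__main__":
    family, version, ident, domains = parse_config(CONFIG_BLOCK)
    print(f"{family} {version} {ident}: {len(domains)} domains")
    print("\n".join(suricata_rules(domains)[:2]))
    for host, qname, matched in scan_log(LOG_LINES, domains):
        print(f"{host} queried {qname} (config domain {matched})")
```

Hosts that resolve several of these names in a short window, or that do so from a process matching the dropped-EXE and SetThreadContext signatures below, are far stronger leads than a single lookup, since legitimate traffic to any one decoy domain is entirely possible.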
Targets
Target: CDE 0915.exe
Size: 308KB
MD5: 8198d6bfbb6195d1658d7949a98e33ff
SHA1: f0b4a41bd7dfd3e5eda456ab88de948407e3e8db
SHA256: 46436c9504931b7cedc6f56121141a9cca7389258def5ccb0981b9bbe2301cc5
SHA512: 54156e8483bcbe6a72df32a9aac438d9de82af956d6fac69c49a4cb1ab92863792dc1c0e27e44f0cd54f28136f3c72f6faca630e6a0f5734ebdbfcf17dc564d7
SSDEEP: 6144:LnPdudwDWtQFrtD0AaHPcmQUW6aeyVze25Sqvv+1YErCuWWQVaIaIJDbiV0bu:LnPdatQptD6HIRegeFuv+6EtWrJ/w0bu
Signatures
Formbook payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext