General
Target: Longmark PO.exe
Size: 630KB
Sample: 231011-yzvvaace44
MD5: d4bf115aa1488313dff7d2b0af4d1854
SHA1: 0215dae293f61481fc511a4f7dc038b21302191f
SHA256: f93c2d5447563c24b8a60a7404a32155093ecf40afeb7345490bc8ba2e87cd14
SHA512: a569da6f252c474316c62f95649d38f1f4aa2149b948747b6f88c220d77d560f15331de51aeb841232532d9fc9fb7240772bd2bf18a95223a00b77ccc0118a0e
SSDEEP: 12288:QrD6nPCz35UKbhwTjSmbgbTyzEBWVcSqZCNptL8aPvaDCrj2qe+ip50KDO:iDD3RQjSm8bTyAUVcctb2Q0cKD
Static task: static1
Behavioral task: behavioral1
Sample: Longmark PO.exe
Resource: win7-20230831-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: m0u5
Targets
Target: Longmark PO.exe
Size: 630KB
Hashes: as listed under General above
Signatures:
- Formbook payload
- Deletes itself
- Suspicious use of SetThreadContext