General
Target: tmp
Size: 1.2MB
Sample: 231011-zs4paada5y
MD5: ced4af5a976fb361bfded06260f5985f
SHA1: a4d8b6552d82bf400bd2c5177263d37d044b079a
SHA256: ca26fd8d4675cfec9eee79a402ce93024e4b817655df0307ba3d9dba93f918b2
SHA512: c506f535ee9038d7eb990e524de1da60f880c3fd1491a2ad4229c6cea90d3f080f42deb6e30fcc9194b989821abf0f50681526debaf46d4f6ac09ea906a7efa7
SSDEEP: 24576:jQ3IGH0kofhzE+S/MG5woa+2LvDtn0fEcz2raO/bwntZKozPOPCnsoO+LY:jQ3I7JzE+I5pCDJ0++O/bw7K8uCnsaU
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20230831-en
Malware Config
Extracted
formbook
4.1
ro12
start399.com
decyfincoin.com
binguozhijiaok.com
one45.vip
55dy5s.top
regmt.pro
2ahxgaafifl.com
xn--6rtp2flvfc2h.com
justinmburns.com
los3.online
fleshaaikensdivinegiven7llc.com
servicedelv.services
apexcaryhomesforsale.com
shuraop.xyz
sagetotal.com
gratitude-et-compagnie.com
riderarea.com
digitalserviceact.online
contentbyc.com
agenda-digital-planner.com
senior-living-91799.bond
navigationexperiments.com
tiktok-shop-he.com
qualityquickprints.com
ddbetting.com
navigatenuggets.com
indiannaturals.online
xzgx360.com
xlrj.asia
seagaming.net
saltcasing.info
pq-es.com
doubleapus.com
speedgallery.shop
millions-fans.com
ktrandnews.com
niaeoer.com
60plusmen.com
nala.dev
costanotaryservice.com
palokallio.net
sportsynergyemporium.fun
fathomtackle.com
computer-chronicles.com
valeriaestate.com
holzleisten24.shop
ps212naming.com
blessed-autos.com
rptiki.com
bjykswkj.com
vorbergh.info
ssongg273.cfd
thevitaminstore.store
easyeats307.com
mcied.link
ssongg1620.cfd
y-12federalcreditunion.top
jlh777.com
no5th3267.top
toolifyonline.com
hcsjwdy.com
ypwvj8.top
hja357b.com
bajie6.com
pwpholdings.com
Targets
Target: tmp
Size: 1.2MB
MD5: ced4af5a976fb361bfded06260f5985f
SHA1: a4d8b6552d82bf400bd2c5177263d37d044b079a
SHA256: ca26fd8d4675cfec9eee79a402ce93024e4b817655df0307ba3d9dba93f918b2
SHA512: c506f535ee9038d7eb990e524de1da60f880c3fd1491a2ad4229c6cea90d3f080f42deb6e30fcc9194b989821abf0f50681526debaf46d4f6ac09ea906a7efa7
SSDEEP: 24576:jQ3IGH0kofhzE+S/MG5woa+2LvDtn0fEcz2raO/bwntZKozPOPCnsoO+LY:jQ3I7JzE+I5pCDJ0++O/bw7K8uCnsaU
Formbook payload
Deletes itself
Loads dropped DLL
Drops file in System32 directory
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext