General
-
Target
Waybill_Documents_ 8973245761.exe
-
Size
614KB
-
Sample
231024-f9gfjacf82
-
MD5
6c6b494076108f4180b42360dbf24c70
-
SHA1
57c5df87cd289ec423b4b897d12c2cecde055f23
-
SHA256
62f5f91f3533cffc8b6213b9cffeb8315f09d2219717d9477b08f470f312bc29
-
SHA512
f0189be211dadda1c41bd163e9bf675d1cd89b05efc9a120adc1d50ac63697d94e46720513c5a9dc8f03547d5e4a957b60e7911873da6a6b676425469f9a478b
-
SSDEEP
12288:7hNh6sxTA6qNhB6eN/v0/PnQqnqbJpCFfuiyaCAbT6YdeIh:7DDxs6g76eN/S/uJy8CbTSI
Static task
static1
Behavioral task
behavioral1
Sample
Waybill_Documents_ 8973245761.exe
Resource
win7-20231023-en
Malware Config
Extracted
formbook
4.1
ny02
Targets
-
-
Target
Waybill_Documents_ 8973245761.exe
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-