General
Target: SAMPLE SPECS 80470.IMG.lzh
Size: 568KB
Sample: 231024-g5gfeada58
MD5: c041b0bdee70ee9f4f3f40d6e7c367ad
SHA1: 4a334a31f259f3bcca66ebeeccbf913f749ed0ff
SHA256: d4b03adc9f43fdf72e1fdf48f76abd3a7404e91811cb91e0d6050631d8f9428e
SHA512: 4dad8ffb10f9e4b5e7f930ea91240ca86a7cf1f25b998cdd89f2347aed463025d62542060c44957f9098f997c0125795224863b87959ed9a13225f0b71bd24b8
SSDEEP: 12288:rkDR3xMefx0lX7+m4VFdoux/Onbj9Heu1cS+8s4B/9NNMkMoNm:r4De57aToht7+S+ANNM93
Static task: static1
Behavioral task: behavioral1
Sample: SAMPLE SPECS 80470.IMG.exe
Resource: win7-20231020-en
Malware Config
Extracted
formbook
4.1
ifrg
Targets
Target: SAMPLE SPECS 80470.IMG.exe
Size: 594KB
MD5: 042ccf0e2d6aef91955adfb73a0ca523
SHA1: 9a1665d41ccd27de2543a8f1f22ca126376ac4e0
SHA256: 11270e75f748238153400a6756b6c6910308da6788734fc0ea1f18e1958aecf3
SHA512: 165ffffce36767d09ec8150479c3d34a38b97f0205eb4e2b22ff9874c8fdfb801036c779eb58823e4546c5e69c93bd4ca0ca5ea1a2e5fa415956c3e858d7e1bf
SSDEEP: 12288:nzfqBuaTijlCOW7FtRbb/SvCBQRYLBHaS+p8kNxcJ0adaMbVqWe/7f:nT6Ti0TL9jBQR8BHxkN8dEWY7
Formbook payload
Deletes itself
Suspicious use of SetThreadContext