General
Target: 3170c18d47f7d8a188da758ac8018098
Size: 659KB
Sample: 231231-lrvs4aechk
MD5: 3170c18d47f7d8a188da758ac8018098
SHA1: a8ad10f72dc61e3e1bdf88788725b7f941f03669
SHA256: 7b72553cb79055a53309a3a8b771f7690cefe48dc0cad46d52a53cfb322e203a
SHA512: 018d0a460036ae43ad17ea95fe41a30f24bee1258e8d70e8464f903b18f865f4e6de10bdb6f0d5bb2cdee4434a065923e6939df97144cac9f84a9292f5742a52
SSDEEP: 12288:XTQku+UELEHi799mSNI0/X6J73ZiyYm5JGSA4AmlSoTADRNQmc6DjCDmomKZ1MpF:XTK+U52mzM6Z0mHGS5l0QR6Dj77uqH
Static task: static1
Behavioral task: behavioral1
Sample: letter ref MAKRA-303GN-017921 Dated 19th August 2021.pdf.exe
Resource: win7-20231215-en
Malware Config
Extracted
formbook
4.1
jdge
Targets
Target: letter ref MAKRA-303GN-017921 Dated 19th August 2021.pdf.exe
Size: 885KB
MD5: c489912068a72c74eb218562beeaaf8a
SHA1: 6348afcd2c4645d983f6982bc3271646a3049fd5
SHA256: 78ddeffb28de453b1235da58833f3e8532635bf556fb2ef23e25aa58b15506b0
SHA512: 3d0ad7e47472b69026658d64017cc8aa30843c5757b521bb6edc7fdf8ec9a3bff889233ab38c8b3e58308beea2c150498ff78edef01b93107b3843881618b4b3
SSDEEP: 12288:E3hYkBcPwb/nRlnGWsDzvFXQKoXVtnL+BpD2ePG72HrV7:hK/RlnE58fnKrvPG7gr
Formbook payload
Deletes itself
Suspicious use of SetThreadContext