General
Target: 9f61af191c20dc0eb90a92558e74059f
Size: 1.1MB
Sample: 240216-ehmb2ahc98
MD5: 9f61af191c20dc0eb90a92558e74059f
SHA1: d16ddfebb7f36d76e6bac7f0010326ad51881f66
SHA256: b21eb6d14eae70e233132e7fa4e99fb282209f1c6ea8ba4d984e9585ee965e87
SHA512: 9927573c6ab78921c467a54c8c9d5d1505a58986f9b63e55e7549237468072010dfdc6306dad3d96f94cda36a56b3e70847089cd9137ea805aa62723e9df8480
SSDEEP: 12288:gJbARFY82gtPM6bSvJPpv1anYsVNGa1buEAr6g/xDvcu11wAyY+O64UzmsRNFDX2:gJkyi34xLN4AyzOQKflisEnZi
Static task: static1
Behavioral task: behavioral1
Sample: 9f61af191c20dc0eb90a92558e74059f.exe
Resource: win7-20231215-en
Malware Config
Extracted: formbook 4.1 dd2v
Targets
- Detect ZGRat V1
- Formbook payload
- Suspicious use of SetThreadContext