General
-
Target
EJbinzx.exe
-
Size
539KB
-
Sample
240418-pat21scg74
-
MD5
37e853f3f2cdaea613d1fcc317fa5795
-
SHA1
51bfdbb26dc7c497288165e5154be9d5ca0a8e20
-
SHA256
0eab8b2bd23f7d06734b61ba357c9fab1d97758eeb5afe2bd89fc293b88a8674
-
SHA512
b4f2be2fe009225d160003d57cf44b8a900775943f36e93e0d7343673de041ae4a632f46a3685027ad2d081123726cdc34b3c24335054c52d204b8b746ed680e
-
SSDEEP
12288:LEX0COq13ivCe7V+lTX9y/d0XoKRJ66+Scj5xqAjxUPy:i13iqe7VQpYK/oScT
Static task
static1
Behavioral task
behavioral1
Sample
EJbinzx.exe
Resource
win7-20240221-en
Malware Config
Extracted
formbook
4.1
pui9
Targets
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-