General
Target: WvwNJkZ8jcQuUnb.exe
Size: 650KB
Sample: 240513-jbxlmsfd69
MD5: caf4420a85ac94a5e849b729c8cabbe8
SHA1: 15514e5750a0e2b303c8319da6c95d43c2973097
SHA256: 59fe7f5e271c05fc8db382a3cbd11834eaf4ddcdf9c16349f18db11df84d59d5
SHA512: bd9947d207de106dd644f1138ddd66f7a303808a1d4e80298da5bbf0021ff93f64b4d13cecbaed02019b945b7edc4cafddeb2d6dba9feba9da77de55a03dc4ed
SSDEEP: 12288:++7TeH81jJUVzVDbEGDvJsmBOl/35XVg63d7pi/Pq3dag8JyGHwfjIyLxT+kR:Ba8MVBUGTJsBlvPgx/2yJrHjyLxTl
Static task
static1
Behavioral task
behavioral1
Sample
WvwNJkZ8jcQuUnb.exe
Resource
win7-20240220-en
Malware Config
Extracted
formbook
4.1
cn26
Targets
Target
WvwNJkZ8jcQuUnb.exe
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-