General
Target: 21052024_0325_20052024_RECIBO DE PAGO.zip
Size: 536KB
Sample: 240521-dytklsga27
MD5: b947e9f3101e719b253101dd317ec70b
SHA1: 609552baad37be45b3717926fcdb23431acd6f57
SHA256: d13847c9f9d72d5a9f8b8cf2f5cb860841e0ef97068b61d1fa3ad57d7b0e826c
SHA512: f6eea0d4a4dc65cacd0c7c5bbfc27def1c6901308e6c2ec3a82bebdd99de2be58887063d5bd91e52c621c5499efa7da0e70724974488c5649568b8128f2ea79c
SSDEEP: 12288:om9keqYou/DQSZifgeDy1Jfk5I2C10iXFbG+01eLDttPyZFWM:j9ks7/DlIfg0QJft2e0WauttPyyM
Static task: static1
Behavioral task: behavioral1
Sample: RECIBO DE PAGO.exe
Resource: win7-20240221-en
Malware Config
Extracted
formbook
4.1
gy14
mavbam.com
theanhedonia.com
budgetnurseries.com
buflitr.com
alqamarhotel.com
2660348.top
123bu6.shop
v72999.com
yzyz841.xyz
247fracing.com
naples.beauty
twinklethrive.com
loscaseros.com
creditspisatylegko.site
sgyy3ej2dgwesb5.com
ufocafe.net
techn9nehollywoodundead.com
truedatalab.com
alterdpxlmarketing.com
harborspringsfire.com
soulheroes.online
tryscriptify.com
collline.com
tulisanemas.com
thelectricandsolar.com
jokergiftcard.buzz
sciencemediainstitute.com
loading-231412.info
ampsportss.com
dianetion.com
169cc.xyz
zezfhys.com
smnyg.com
elenorbet327.com
whatsapp1.autos
0854n5.shop
jxscols.top
camelpmkrf.com
myxtremecleanshq.services
beautyloungebydede.online
artbydianayorktownva.com
functional-yarns.com
accepted6.com
ug19bklo.com
roelofsen.online
batuoe.com
amiciperlacoda.com
883831.com
qieqyt.xyz
vendorato.online
6733633.com
stadtliche-arbeit.info
survivordental.com
mrbmed.com
elbt-ag.com
mtdiyx.xyz
mediayoki.site
zom11.com
biosif.com
aicashu.com
inovarevending.com
8x101n.xyz
ioherstrulybeauty.com
mosaica.online
venitro.com
Targets
Target: RECIBO DE PAGO.exe
Size: 548KB
MD5: b74b83730731291a9af3bfdf0fc93376
SHA1: e8813c1f378b8c4bd599003c7e4e4e67a6975c27
SHA256: 559b7d3cd4f753168995adb77f1f13c65e3e120aefd43a4bc931b02e05cfb389
SHA512: 21f618b446172ceb11b17c4b3de7c198dd3d9df963fae0c447f46172697faa78ed4abb2035ab6378e8380593a1b7152766badd25ff4b8a0dedc00186f60fd00f
SSDEEP: 12288:zeqUou7DQSZiPqebyTJjk5IaC50iXlbe+0tevDptPyeFWb:zQ77DlIPqeoJjtaQ0MaIptPyFb

- Formbook payload
- Adds policy Run key to start application
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext