General
Target: 3e8bac2f692d7ec30b435f1555ed080ca79aa191fcf9f32dad8658243d3fcebe.cmd
Size: 6KB
Sample: 240710-txadcazfmg
MD5: 258ffbda1b464ed86e65e5ae803f96d2
SHA1: d338e8f630c6839ff7f832605ec2aa3c78d4e865
SHA256: 3e8bac2f692d7ec30b435f1555ed080ca79aa191fcf9f32dad8658243d3fcebe
SHA512: 2fa183c88815f293fb3a5b5a03977250dcd6ac72c586d7028677d1137cd6b20f92adfb76880886319b57fe496c6c146c4e5c30f4e7104647e89a5be976683bd5
SSDEEP: 192:T6Ix3c1+Dt0yCSKUQC7f7C5mUGBxgxvxC:T6xnXK76mxBuC
Static task: static1
Behavioral task: behavioral1
  Sample: 3e8bac2f692d7ec30b435f1555ed080ca79aa191fcf9f32dad8658243d3fcebe.cmd
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 3e8bac2f692d7ec30b435f1555ed080ca79aa191fcf9f32dad8658243d3fcebe.cmd
  Resource: win10v2004-20240709-en
Malware Config (extracted)
Family: formbook
Version: 4.1
Campaign: dd01
C2 domains:
1prostitutki-chelyabinska.com
o2v7c.rest
something-organized.com
etc99.store
perksaccess.contact
consuyt.xyz
dscmodelpapers.com
dana88.lat
dumange.com
pointlomabarreboutique.com
djtmaga.net
dentisttanger.com
17251604.com
dogcatshoponline.com
eppgrandeur.com
jyty3500.com
felixkang.asia
xn--22ck2ci1dl0f7b7h.com
milliesrecruitment.com
www333804000.com
g90luv.vip
glamourverde.store
tzbgs.com
alpha-wealth.club
homestreamztv.com
alignedinvestment.com
ragwash.com
ultrakan.xyz
clearconceptslearning.com
explorewithnor.com
d-b-d.com
saltdrink.com
55957462.com
limbicmindset.com
baldomerotienda.com
yh-9.xyz
easyskinz.xyz
lovefulmindfulness.com
030303-11122222.cloud
sunpulse.store
rescapital.world
payizadlt.com
cindcxyshirts.shop
vnddq.biz
pvywgx235i.top
www708cc.vip
poa88koi.lol
aseasyas1234inc.net
ygudk.biz
tmdirtbikes.com
bqzprvkljhwtmnxy.net
qk09.top
aiatlant.com
zayinvest.com
intermediafx.com
lemonlight.fun
eurovisfilo.com
bluefrazer.com
835000suns.com
checkonly.net
bs2bestat.net
praywithus.space
huafu.site
radleyhealth.com
x6hk8.com
Targets
Target: 3e8bac2f692d7ec30b435f1555ed080ca79aa191fcf9f32dad8658243d3fcebe.cmd
Size: 6KB
MD5: 258ffbda1b464ed86e65e5ae803f96d2
SHA1: d338e8f630c6839ff7f832605ec2aa3c78d4e865
SHA256: 3e8bac2f692d7ec30b435f1555ed080ca79aa191fcf9f32dad8658243d3fcebe
SHA512: 2fa183c88815f293fb3a5b5a03977250dcd6ac72c586d7028677d1137cd6b20f92adfb76880886319b57fe496c6c146c4e5c30f4e7104647e89a5be976683bd5
SSDEEP: 192:T6Ix3c1+Dt0yCSKUQC7f7C5mUGBxgxvxC:T6xnXK76mxBuC
Signatures:
- Formbook payload
- Adds policy Run key to start application
- Blocklisted process makes network request
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext