General
Target: Salary Increament.exe
Size: 1.0MB
Sample: 240717-ltv7msyckg
MD5: d7ec81e472472a0428de8191f28ccdf0
SHA1: a603d1bc8ef7ac10d30c156d3ad70c7a716d01e0
SHA256: e9e614a16e3250dc0fdd6fd01247ab76f65d146466c5977b06ffb716d7438cae
SHA512: 8653372938d81d727b480594f670742481f4be767877a2b03f89d26368b327c7e0da4d0c73f633de2a03701b9492d90554ee8232072b81eb7c89e65d90a602f7
SSDEEP: 24576:4AHnh+eWsN3skA4RV1Hom2KXMmHa6eq8DsiCQ5:/h+ZkldoPK8Ya63it
Static task: static1
Behavioral task: behavioral1
Sample: Salary Increament.exe
Resource: win7-20240704-en
Malware Config
Extracted
formbook
4.1
ty31
Targets
-
-
Target
Salary Increament.exe
-
Formbook payload
-
Suspicious use of SetThreadContext
-