General
Target: 5e356ba0663601a704ff745bf4e38b9a8ee7ececcd5443da641d46c30a04de07
Size: 355KB
Sample: 241030-st87tsxpaq
MD5: aa5a473625665e9702e4af5cd313a456
SHA1: 067be80b521eb5d6c96a8ee6c5032b16a82fd68e
SHA256: 5e356ba0663601a704ff745bf4e38b9a8ee7ececcd5443da641d46c30a04de07
SHA512: 01bebe9bf16c229b910071bffb28dbbf0fd7eaa14e5a2047d067dd17351c22e2b5b44a0a88a2747816adbe55f5e9dc603134388ce5d5a592e50bee92fcca2891
SSDEEP: 6144:/Ya6whhgKy4AwQ0F/OzoSDi5A+rDHKQB24z6WidcIP3vUu/gHdfFAJDkcGNB6iOf:/Ym3E4Ab4go4EDHpBlzxNI/Mu/g9OocF
Static task: static1
Behavioral task: behavioral1
  Sample: 5e356ba0663601a704ff745bf4e38b9a8ee7ececcd5443da641d46c30a04de07.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 5e356ba0663601a704ff745bf4e38b9a8ee7ececcd5443da641d46c30a04de07.exe
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/jpjcr.dll
  Resource: win7-20241010-en
Malware Config
Extracted
formbook
4.1
sn26
Targets
Target: 5e356ba0663601a704ff745bf4e38b9a8ee7ececcd5443da641d46c30a04de07
Size: 355KB
MD5: aa5a473625665e9702e4af5cd313a456
SHA1: 067be80b521eb5d6c96a8ee6c5032b16a82fd68e
SHA256: 5e356ba0663601a704ff745bf4e38b9a8ee7ececcd5443da641d46c30a04de07
SHA512: 01bebe9bf16c229b910071bffb28dbbf0fd7eaa14e5a2047d067dd17351c22e2b5b44a0a88a2747816adbe55f5e9dc603134388ce5d5a592e50bee92fcca2891
SSDEEP: 6144:/Ya6whhgKy4AwQ0F/OzoSDi5A+rDHKQB24z6WidcIP3vUu/gHdfFAJDkcGNB6iOf:/Ym3E4Ab4go4EDHpBlzxNI/Mu/g9OocF
- Formbook family
- Formbook payload
- Loads dropped DLL
- Suspicious use of SetThreadContext
Target: $PLUGINSDIR/jpjcr.dll
Size: 313KB
MD5: efdd576c2222fc15deda23856b0fd2d4
SHA1: ff32fac3eef79b7919ad4d82922fb61bbb423421
SHA256: 6b4e610d13f3b3bb9fea6236cecd56e85ff3b9d0c9ff1d3aca5f8137dda19830
SHA512: 079f0dbd6e22255f5d6cddfab33aae57ece737340f23131ed3ece3a7d7266001736a8b814d74e737831c4145ce3600c5f68ac2446cd040751c4fb84763d196c0
SSDEEP: 6144:fxnmIZZZPbJbu0p4KhFhFnAtZcj0MLMOSJfVfol:fxmI35Jbue4KhHI+wzs
- Formbook family
- Formbook payload
- Suspicious use of SetThreadContext