General
Target: 26062024_1132_25062024_ORDER #8774598644.pdf.xz
Size: 583KB
Sample: 240626-nnsknssgje
MD5: 8857cba15dd5187ef2628a28e02c4a91
SHA1: dafc6b939d879771e76f2dd7d788764202e704f0
SHA256: 6d0a79ac97ad96ecfea9b89fe36249dc9eb6cbd2dd60fb46c463ad6d76d7bb02
SHA512: dcb8eb0ce3a984c0ce97c49b5e8f28257ec2c33dab1c62b59a953d05111db47691c037f779de11c4b382294e1d2e3f53a82290ecedc0faf545a02904b5048577
SSDEEP: 12288:gQJj3rUkf3pnXcz/ogXjbSSY544KeFeG+/7ZkSFWDTfCboogVj:3rrbRu/SD544KeL+jvWchs
Static task: static1
Behavioral task: behavioral1
Sample: ORDER #8774598644.pdf.exe
Resource: win7-20231129-en
Malware Config
Extracted: formbook
4.1
rn94
st68v.xyz
conciergenotary.net
qwechaotk.top
rtpdonatoto29.xyz
8ad.xyz
powermove.top
cameras-30514.bond
vanguardcoffee.shop
umoe53fxc1bsujv.buzz
consultoriamax.net
hplxx.com
ndu.wtf
yzh478c.xyz
bigbrown999.site
xiake07.asia
resdai.xyz
the35678.shop
ba6rf.rest
ceo688.com
phimxhot.xyz
010101-11122-2222.cloud
champion-casino-skw.buzz
laku77.bar
popumail.net
stargazerastrology.click
beauty.university
t460.top
sparkyos.app
day2go.net
minrungis.shop
cognigrid.com
abandoned-houses-39863.bond
liderparti.store
hinet.tech
moviemax.live
business-printer-22001.bond
yakintv.pro
longmaosol.xyz
hello4d.dev
vestircool.store
surpriseinside.net
betflixfan.asia
ln2m1.shop
5302mcavt.website
conf-contact.online
31140.ooo
bdkasinoxox.xyz
nicoleb.tech
mainz-cruise-deals.today
run-run.tokyo
practicalfranchises.info
usmanovbanki-uz.space
superlottery.top
zabbet911.bet
ambassadorshipvottings.click
sangforln.tech
expertoffersusa.lat
plong.cloud
cryptoautomata.dev
dq33xa.xyz
handtools-16660.bond
24763wbk.hair
sportswear-30530.bond
lusuidnx.shop
laske.xyz
Targets
Target: ORDER #8774598644.pdf.exe
Size: 1.0MB
MD5: 2d3ee28273908c49fd61b2b682a77d7c
SHA1: 52a9468e0a9815e6d4567de69e0fd46725904e26
SHA256: 7775c0292610f35e3db09d7e06343f212a24e490085ee11f8121fa65db61dcfa
SHA512: 38691df68b324fed73fcbffe369acce07d2ef948dfdedf40802ff73522c32b3c7f57de1a132d1b8d9e8b89f3d3fd1631411228bf2794d3e5a705d6cf349365ed
SSDEEP: 24576:6AHnh+eWsN3skA4RV1Hom2KXMmHathMXQKuyroqVL5:Nh+ZkldoPK8YathMQK5oi
- Formbook payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext