General
-
Target
Purchase Order Project No.8873_ECOFIX.exe
-
Size
101KB
-
Sample
240701-gnk29s1dmm
-
MD5
5b93648ff0ed23f7a77cf8ba1c7dfd29
-
SHA1
4ab10dc761f140b00a880699b5b71d67d000f4b9
-
SHA256
9cca5ee417bb9929c186dc8c2daa8f645e23fc7b1c32c0cb18fef77ef728c7ca
-
SHA512
be2c33e988f20a153e0c922b9458c997ca93e349e7127bc83c95cc45d440dc2734870f862c0f7dede4a81f5fa5ecbf6d006aa65a63a7bbb3d38b42ac90df88af
-
SSDEEP
1536:n8D9sbgCMGEEEEEEEEEEEbEEzEEEbEEEEEEbEEEEEEbEEEEEEbEEEEEEEbEbE3kK:n8D9sbgCM5M7C34gj7
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order Project No.8873_ECOFIX.exe
Resource
win7-20240508-en
Malware Config
Extracted
formbook
4.1
b2du
Targets
-
-
Target
Purchase Order Project No.8873_ECOFIX.exe
-
Formbook payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-