General
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.13966.4765
-
Size
589KB
-
Sample
220530-c6fhaafafk
-
MD5
bc73f146c5f10a875ba645b7c9b567bd
-
SHA1
e65a9edc4bf551c9eb0f75e813980c3d96966203
-
SHA256
d4d430cfe4399aa57154854567d17ef118b6d0eee083b683f81957d2057949b0
-
SHA512
8a9468f68e6d752409c64da0acd990b2d742a1862744c6c248eb1c01a75791dc76f0f33c28d2889beb46c745087d0754aa8e645243f3924f14b2dd4baa7f6370
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.AIDetectNet.01.13966.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
t19g
playstationspiele.com
cakesbyannal.com
racepin.space
anti-offender.com
magnetque.com
farragorealtybrokerage.com
khuludmohammed.com
v33696.com
84ggg.com
d440.com
soccersmarthome.com
ofthis.world
fivestaryardcards.com
lusyard.com
gghft.com
viajesfortur.com
rationalirrationality.com
hanaramenrestaurant.com
exactlycleanse.com
martensenargentina.com
michellesellsvt.com
pupsloveandlondon.com
kfhym.world
makeuphoje.com
ebookrise.com
flesherbrothers.com
doonaudio.com
doanet.xyz
wrghintlian.com
davidchristl.com
domaintch.com
quotereflection.com
eroptikblog.xyz
iranianinvestmentclub.com
cp200motorola.com
vsenq.com
theamazonmovement.com
aspiteksoln.com
perkebunannews.com
myreverie.life
hrddf.com
gblaincreative.com
lipsstreet.com
xxf76.top
dureluxx.com
heldelicioso.com
taskconsulting.com
dongcunzhengfu.com
itohpe.com
abundantskill.com
fernhutco.com
hairgrowthxpert.com
intelligentreportscloud.com
maybesupply.com
7156.world
cr-marcelo.com
shequipamentos.com
villeenvie.net
robbyscreations.com
mpaohead.com
nailsa.biz
accoladesandmore.com
preppers.pro
pinpinduo2.xyz
allsofttech.com
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.13966.4765
-
Size
589KB
-
MD5
bc73f146c5f10a875ba645b7c9b567bd
-
SHA1
e65a9edc4bf551c9eb0f75e813980c3d96966203
-
SHA256
d4d430cfe4399aa57154854567d17ef118b6d0eee083b683f81957d2057949b0
-
SHA512
8a9468f68e6d752409c64da0acd990b2d742a1862744c6c248eb1c01a75791dc76f0f33c28d2889beb46c745087d0754aa8e645243f3924f14b2dd4baa7f6370
-
Formbook Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-