General
Target: 7618736142.zip
Size: 487KB
Sample: 220620-1n9keadfa6
MD5: 9f15c357a368ac44f7fb1fa9b829f0b9
SHA1: 1f0f00fd0399746a1a36f29753780b0fec990324
SHA256: 9ba1ea795f10bb4874820563123887137d66f0f30cefb2229fe8d31f1ffafc83
SHA512: 14a07c1b770c1549deac81dc9338a59ce6d6a59354c0c1f48aec54ae14dc62ef2114b4c68f1405879944c04763a5beda360ba2d288dbaf12e65527d27c805552
Static task: static1
Behavioral task: behavioral1
Sample: 262fb779ec6fd7c58573c11480f2293f7680b38d3b62eb9acea9d228ed0a2f09.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
t19g
playstationspiele.com
cakesbyannal.com
racepin.space
anti-offender.com
magnetque.com
farragorealtybrokerage.com
khuludmohammed.com
v33696.com
84ggg.com
d440.com
soccersmarthome.com
ofthis.world
fivestaryardcards.com
lusyard.com
gghft.com
viajesfortur.com
rationalirrationality.com
hanaramenrestaurant.com
exactlycleanse.com
martensenargentina.com
michellesellsvt.com
pupsloveandlondon.com
kfhym.world
makeuphoje.com
ebookrise.com
flesherbrothers.com
doonaudio.com
doanet.xyz
wrghintlian.com
davidchristl.com
domaintch.com
quotereflection.com
eroptikblog.xyz
iranianinvestmentclub.com
cp200motorola.com
vsenq.com
theamazonmovement.com
aspiteksoln.com
perkebunannews.com
myreverie.life
hrddf.com
gblaincreative.com
lipsstreet.com
xxf76.top
dureluxx.com
heldelicioso.com
taskconsulting.com
dongcunzhengfu.com
itohpe.com
abundantskill.com
fernhutco.com
hairgrowthxpert.com
intelligentreportscloud.com
maybesupply.com
7156.world
cr-marcelo.com
shequipamentos.com
villeenvie.net
robbyscreations.com
mpaohead.com
nailsa.biz
accoladesandmore.com
preppers.pro
pinpinduo2.xyz
allsofttech.com
Targets
Target: 262fb779ec6fd7c58573c11480f2293f7680b38d3b62eb9acea9d228ed0a2f09
Size: 590KB
MD5: e49800b715646a9d30281adb67eedc80
SHA1: cde536845aa356ad2913f19145156a8289c999c6
SHA256: 262fb779ec6fd7c58573c11480f2293f7680b38d3b62eb9acea9d228ed0a2f09
SHA512: df455c186e1a4c14d5bcd484ab18f97717887cbffe313abebbca8ed3f924492eab1f719b2e2fd4387a6e9ea99c119452c05de380d1daa4e8936fcd4a17eb408a
Formbook Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext