General
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.29221.12172
-
Size
478KB
-
Sample
220621-d362haadfk
-
MD5
cd6b78a456e3f72a4a48c866602bc617
-
SHA1
8e56e555ba4a208f038730c1d89a8fc1b93b77f5
-
SHA256
4b8c3b49cc5ceaea396ffc0444d625d7cc3c231b973f2775a23ab3cafece504d
-
SHA512
be706bbfa28e6de8d1721739c505ab77762563f47a65578119620e5ceca1e7b9f2010171abce9d4b79f7c2250f6dc5433448a0825038be96d5a1578a44f6a933
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.AIDetectNet.01.29221.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
t19g
playstationspiele.com
cakesbyannal.com
racepin.space
anti-offender.com
magnetque.com
farragorealtybrokerage.com
khuludmohammed.com
v33696.com
84ggg.com
d440.com
soccersmarthome.com
ofthis.world
fivestaryardcards.com
lusyard.com
gghft.com
viajesfortur.com
rationalirrationality.com
hanaramenrestaurant.com
exactlycleanse.com
martensenargentina.com
michellesellsvt.com
pupsloveandlondon.com
kfhym.world
makeuphoje.com
ebookrise.com
flesherbrothers.com
doonaudio.com
doanet.xyz
wrghintlian.com
davidchristl.com
domaintch.com
quotereflection.com
eroptikblog.xyz
iranianinvestmentclub.com
cp200motorola.com
vsenq.com
theamazonmovement.com
aspiteksoln.com
perkebunannews.com
myreverie.life
hrddf.com
gblaincreative.com
lipsstreet.com
xxf76.top
dureluxx.com
heldelicioso.com
taskconsulting.com
dongcunzhengfu.com
itohpe.com
abundantskill.com
fernhutco.com
hairgrowthxpert.com
intelligentreportscloud.com
maybesupply.com
7156.world
cr-marcelo.com
shequipamentos.com
villeenvie.net
robbyscreations.com
mpaohead.com
nailsa.biz
accoladesandmore.com
preppers.pro
pinpinduo2.xyz
allsofttech.com
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.29221.12172
-
Size
478KB
-
MD5
cd6b78a456e3f72a4a48c866602bc617
-
SHA1
8e56e555ba4a208f038730c1d89a8fc1b93b77f5
-
SHA256
4b8c3b49cc5ceaea396ffc0444d625d7cc3c231b973f2775a23ab3cafece504d
-
SHA512
be706bbfa28e6de8d1721739c505ab77762563f47a65578119620e5ceca1e7b9f2010171abce9d4b79f7c2250f6dc5433448a0825038be96d5a1578a44f6a933
-
Formbook Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-