General
Target: 5b3e128e3d2f94bf536d156207f1c0758dd0ae178496be9e5c82db419bf138e2
Size: 396KB
Sample: 220625-lly9bsfadr
MD5: 8a7e582e85cb994d6f0d728cf8de1a95
SHA1: 551b6792a7651524790411bdc36211b273bcf6fa
SHA256: 5b3e128e3d2f94bf536d156207f1c0758dd0ae178496be9e5c82db419bf138e2
SHA512: baff739c3f1213f72d7b64291795156d1ad9fdc9fe8ddb28c244262b6ad2a46af8b1d2786195be6d9aced2f8da256c1190bc02d37689d8d3b8f2640ca97d88f0
Static task: static1
Behavioral task: behavioral1
Sample: 5b3e128e3d2f94bf536d156207f1c0758dd0ae178496be9e5c82db419bf138e2.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: formbook
Version: 3.9
Campaign: h376
C2 domain list (as extracted from the config). Formbook embeds one live C2 among a list of decoy domains, many of which are legitimate sites, so treat a DNS or proxy hit on any entry below as a lead to confirm rather than as a confirmed C2, and do not block the whole list blindly:
sentyrzproperties.info
onlineapplicationservices.com
cheesecakedays.com
royalanthem.com
mayortombradley100.com
tpcomsoftware.com
sed26178.com
returngenius.com
paypal-account-secure.com
smashsoluciones.com
fineefeed.life
saja.ltd
hurricaneirmaclaimsfl.info
7069192.com
karneshomegoods.com
349h.com
per-neters.com
zzshenghua.com
uresuncoast.com
meu-condominio-online.com
djidronetoday.com
normande-asia.com
reflowhub.com
db-ys.com
qinyuanyupin.com
sjblades.com
bxtzmb.com
700ope.com
jisuweixin.com
cmv-conseil.net
goodlessdermatology.biz
zsark.loan
breastcarehk.com
isdeo.date
naturetechnologycollective.com
geminiceilings.com
tgbc.solutions
chinahmjy.com
kkkk013.com
hannatranslation.com
patternmatching.review
rockraisin.com
mesamassagebodywork.com
xinshikuai.com
designstudio.digital
cplfr.com
rubber11.com
headbassmusic.com
xn--miqw83a58c.com
caga.ltd
zhisoufendi.com
speakbit.online
psdagueda-juliotendeiro.com
samsorapremier.top
schoemannteam.com
bonesinbroth.com
judytorreslifecoach.com
sophisteel.com
on124.com
magasindegascogne.mobi
allgaymenteasing.com
hypedapparel.com
denootzaak.net
haraldvorraber.com
boxcay.com
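The list above is only useful once it is run against telemetry. The following is an added example, not part of the sandbox report, that hunts a DNS query log for the extracted domains: it normalises query names (case, trailing root dot, Unicode to punycode so the IDN entry still matches), matches exact names and subdomains without matching look-alikes, and defangs hits for reporting. The IOC list is a subset of the domains above; the log lines and their tab-separated format are constructed for illustration.

```python
"""Hunt a DNS query log for the domains in the extracted Formbook config.

Added example, not part of the sandbox report. The IOC list is a subset of
the domains extracted above; the log lines are constructed for illustration
and use a simple tab-separated format (timestamp, client, qtype, qname).
"""
from __future__ import annotations

# Subset of the domains from the extracted config (copied from the report).
FORMBOOK_DOMAINS = [
    "sentyrzproperties.info",
    "paypal-account-secure.com",
    "royalanthem.com",
    "xn--miqw83a58c.com",   # IDN domain, stored in its punycode (ACE) form
    "zsark.loan",
    "speakbit.online",
]


def normalize_qname(name: str) -> str:
    """Lower-case, strip the trailing root dot and convert Unicode labels to
    punycode so a query logged as Unicode still matches an ACE-form IOC."""
    name = name.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        # Malformed label (empty, too long, ...): fall back to the raw string.
        return name


def build_ioc_set(domains: list[str]) -> frozenset[str]:
    return frozenset(normalize_qname(d) for d in domains)


def match_domain(qname: str, iocs: frozenset[str]) -> str | None:
    """Return the IOC that qname equals or is a subdomain of, else None.
    Walks parent labels so 'cdn.www.example.com' matches 'example.com'
    without matching 'notexample.com'."""
    labels = normalize_qname(qname).split(".")
    for i in range(len(labels) - 1):          # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def defang(domain: str) -> str:
    """Make a domain safe to paste into reports/chat (won't auto-link)."""
    return domain.replace(".", "[.]")


def scan_dns_log(lines: list[str], iocs: frozenset[str]) -> list[dict]:
    """Parse 'ts<TAB>client<TAB>qtype<TAB>qname' lines and return hits."""
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 4:
            continue                          # skip malformed lines
        ts, client, qtype, qname = parts
        ioc = match_domain(qname, iocs)
        if ioc:
            hits.append({"ts": ts, "client": client, "qtype": qtype,
                         "qname": normalize_qname(qname), "ioc": defang(ioc)})
    return hits


# Constructed log lines (not real traffic). The first is an exact match, the
# second a subdomain, the third has a trailing root dot and mixed case, the
# fourth is a look-alike that must NOT match, the fifth is benign.
SAMPLE_LOG = [
    "2022-06-25T10:01:02Z\t10.0.0.5\tA\tpaypal-account-secure.com",
    "2022-06-25T10:01:03Z\t10.0.0.5\tA\twww.royalanthem.com",
    "2022-06-25T10:01:04Z\t10.0.0.9\tAAAA\tZsark.LOAN.",
    "2022-06-25T10:01:05Z\t10.0.0.9\tA\tnotroyalanthem.com",
    "2022-06-25T10:01:06Z\t10.0.0.7\tA\tupdate.microsoft.com",
]

IOCS = build_ioc_set(FORMBOOK_DOMAINS)

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG, IOCS):
        print(f"{hit['ts']} {hit['client']} -> {hit['qname']} (IOC: {hit['ioc']})")
```

Because the list mixes the live C2 with decoys, a hit tells you which host contacted a listed domain and when; confirming infection still needs the host-side evidence (dropped files, Run key, injected process) rather than the DNS record alone.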
Targets
Target: 5b3e128e3d2f94bf536d156207f1c0758dd0ae178496be9e5c82db419bf138e2 (396KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- Formbook payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (the sample reads the locale/region value before deciding how to proceed; the value queried and the outcome are not recorded in this report).
- Loads dropped DLL
- Adds Run key to start application: persistence via a ...\CurrentVersion\Run value (hive and value name are not recorded in this report).
- Suspicious use of SetThreadContext: this API is typically called to redirect a suspended thread in another process after code has been written into it (process hollowing or thread hijacking), consistent with Formbook's known injection into other processes.
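The signatures above describe behaviours, not detection rules. The following added example, which is not the sandbox's own logic, shows how the first three host-side behaviours (dropped EXE executed, dropped DLL loaded, Run key added) can be recovered from Sysmon-style telemetry by correlating file creation with later process creation and image loads, and by escalating Run-key writes whose value points into a user-writable directory. The events are constructed dicts modelled on Sysmon fields (EventID 1 process create, 7 image load, 11 file create, 13 registry value set); all paths and names are invented. The geofence registry read and the SetThreadContext call are deliberately not covered: Sysmon records neither registry reads nor that API, so those need API-level monitoring.

```python
"""Map the sandbox behaviours above onto host telemetry.

Added example, not the sandbox's own signatures. Events are constructed
dicts modelled on Sysmon fields (EventID 1 process create, 7 image load,
11 file create, 13 registry value set); paths and names are invented.
"""
from __future__ import annotations

import re

# Run and RunOnce under HKCU or HKLM; TargetObject is lower-cased first.
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\")
# Locations commonly abused for autostart binaries; a legitimate installer
# rarely registers an autostart from these.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\public\\", "\\programdata\\")


def _norm(path: str) -> str:
    return path.strip().strip('"').lower()


def detect(events: list[dict]) -> list[dict]:
    """Single pass over chronologically ordered events.

    Rules:
      dropped_exe_executed : EID 1 whose Image was created earlier (EID 11)
      dropped_dll_loaded   : EID 7 whose ImageLoaded was created earlier
      run_key_persistence  : EID 13 writing under ...\\CurrentVersion\\Run,
                             severity high when the value points to a
                             user-writable location, else medium
    """
    dropped: set[str] = set()
    findings: list[dict] = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(_norm(ev["TargetFilename"]))
        elif eid == 1 and _norm(ev["Image"]) in dropped:
            findings.append({"rule": "dropped_exe_executed",
                             "image": ev["Image"], "parent": ev.get("ParentImage")})
        elif eid == 7 and _norm(ev["ImageLoaded"]) in dropped:
            findings.append({"rule": "dropped_dll_loaded",
                             "image": ev["Image"], "dll": ev["ImageLoaded"]})
        elif eid == 13 and RUN_KEY_RE.search(_norm(ev["TargetObject"])):
            details = _norm(ev["Details"])
            severity = "high" if any(m in details for m in USER_WRITABLE) else "medium"
            findings.append({"rule": "run_key_persistence", "severity": severity,
                             "key": ev["TargetObject"], "value": ev["Details"],
                             "writer": ev["Image"]})
    return findings


# Constructed trace (invented paths/names) following the reported behaviour:
# the sample writes a second EXE and a DLL to %TEMP%, runs the EXE, which
# loads the DLL and registers itself under HKCU ...\Run. The final event is
# a legitimate installer's Run value, kept to show the lower severity.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\user\\Desktop\\sample.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 11, "Image": "C:\\Users\\user\\Desktop\\sample.exe",
     "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe"},
    {"EventID": 11, "Image": "C:\\Users\\user\\Desktop\\sample.exe",
     "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"},
    {"EventID": 1, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe",
     "ParentImage": "C:\\Users\\user\\Desktop\\sample.exe"},
    {"EventID": 7, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe",
     "ImageLoaded": "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"},
    {"EventID": 7, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe",
     "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"},        # benign, no hit
    {"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "\"C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe\""},
    {"EventID": 13, "Image": "C:\\Program Files\\Vendor\\setup.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray",
     "Details": "C:\\Program Files\\Vendor\\tray.exe"},             # medium, not high
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f)
```

The file-create set is what turns two individually noisy events (a process start, a DLL load) into a "dropped and executed" finding; the Run-key rule keeps low-severity hits from legitimate installers visible rather than suppressing them, so an analyst can still see the full autostart picture on a host that triggered the high-severity rule.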