General
-
Target
Payment_Advice.zip
-
Size
38KB
-
Sample
220729-hgb2fsfac5
-
MD5
0f2458c5734406047ea2d6bd5629b284
-
SHA1
23f1bf5c73d34b4e961701038addbd41864b9d16
-
SHA256
ce1e65c971b7bd66d776a0b55cee6c1eab50dea3d5439e12904efbf5f2aef1a6
-
SHA512
0876ef0fa0ee0e93b60c63d8096669d355bdc9513502993bce8a63b20b29e4d04659f7b79128cd28900d9ca6ec10800829a2b5818020dad76b0736569a015497
Static task
static1
Behavioral task
behavioral1
Sample
Payment_Advice.exe
Resource
win7-20220715-en
Malware Config
Extracted
formbook
4.1
fs44
whneat.com
jljcw.net
pocodelivery.com
outofplacezine.com
yavuzcansigorta.com
xinhewood-cn.com
cartogogh.com
5avis.com
joyceyong.art
digitalsurf.community
blackcreekbarns.com
magazinedistribuidor.com
sportsgross.com
drevom.online
mayibeofservice.com
gareloi-digit.com
permitha.net
renaissanceestetica.com
facts-r-friends.com
dach-loc.com
thezuki.xyz
cerradoforte.com
yunjin-band.com
soleirasun.com
stoneyinsideout.com
a-sprut.store
verdistar.com
hivingly.com
trywork.net
bvpropertymanagement.com
calibrationprofessionals.com
mpalmcoffee.com
polygons-stakes.site
themomerator.com
payrollserviceform.com
luyensex.club
elon-drop.net
bluechipblog.com
suaempresaemcasa.com
experimentalcircus.art
vietnamesecuisines.com
i4zlyv.com
b23q.xyz
quantumap.com
sana-poratal.site
eastcoastguardfl.com
maxwell-caspar.com
pontochavelocacoes.com
nitsmm.site
tiffanyrockdesign.com
dgmlsubscribers.com
cybericonsultancy.com
bankssy.com
cxitsolution.com
summerinthepark2022.com
chainadmere.com
quangdecalshop.com
winagency.net
motorworks.tech
huefa.club
mthoodviewlodge.com
bahisaltv79.com
codeforge.pro
dpd-gasplumbingandheating.com
echoesdesing.com
Targets
-
-
Target
Payment_Advice.exe
-
Size
119KB
-
MD5
fb6b4faf70cfaeac35c5f0fe94ac08e4
-
SHA1
e18e49ae0c5d0bbc332b869c60bdbf5f6cfe652f
-
SHA256
940584cf3203158b88b4dfafc8550d92be205ca5ef401da8a4449622e423751c
-
SHA512
d75ca0422d9d4f325282566de106a2ab669942b34fdbecc2b454fee5018968229bafb74bfdbf01d405b9a73847ab8dde625023e3fba192c83d07fcf5292950c2
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-