General
-
Target
NEW PO.IMG
-
Size
1.2MB
-
Sample
220804-rgzl7aggal
-
MD5
f7515c2bddf418bc3101b5b969d5269f
-
SHA1
254a60c35d6c73fb2cc9fbc1e122bd92624d6601
-
SHA256
af7fd0b62692c6036f4f1f15a21840a7fa3939f1f3aa1b2407d018f4f4d00bf3
-
SHA512
83bae8d7b0956973c8d6fef9e04106d43c90bba5e2ed0ef672ff7da0d30701a4bdf24d1e6620e5874b64c4d277dafbbec766cd94f83af2f5834ecbd63652b25b
Static task
static1
Behavioral task
behavioral1
Sample
NEW_PO.exe
Resource
win7-20220718-en
Malware Config
Extracted
formbook
4.1
d27e
lilysbusride.com
cloud-sechs.com
danpro.co.uk
wendoortech.com
playgroundrebellion.com
betventures.xyz
digimediasolution.net
abrahambetrayedus.com
whinefree.com
realeurolicence.com
makelovetrip.com
damediaagency.com
pinaralsan.com
5bobitw.com
shootingkarelia.online
website-staging.pro
manassadhvi.online
bathroomandkitcenking.com
realtormarket.net
dfysupport.com
class-flow.com
migstrip.online
qnacontracting.com
namaste-events.com
yestifications.com
indigoartandclothing.com
resultedu.com
digitalworldp.com
phase7assured.com
hirejar.site
leadstosuccessdental.com
ebooksonline4u.com
prosperbags.com
binarytreetech.com
jenpetronellatattoos.com
purpleduckdesign.net
merceriasen.xyz
shinnadesign.online
perubahantariftransaksi.website
jhanca.site
tacoslawera.com
majorappliancepros.com
kemiandsalam22.com
skipperage.info
tabulose-lust.xyz
wahproducts.com
mcleod.top
acepaintingservice.com
longtaidazong.com
spit2dabeat.com
jthecreator.net
sanhelu00.top
ipcemea.info
uniofilm.com
kitchenbw.space
abiccreats.com
southamptonvac.com
zavodalabda.xyz
mahahills.com
careers01-cxeinc.com
betteryourfinancial.info
buyfarfalla.com
moesoldmine.com
sioreu.com
havehealthybloodsugar.com
Targets
-
-
Target
NEW_PO.EXE
-
Size
703KB
-
MD5
ffe037deca0641fac8353d65db14d3ed
-
SHA1
5324aa903669c0b1417ea69f5fdab01600a37527
-
SHA256
bd14376c2116d73ced555431ec6b80afce2dbb13b36843edea366e897e32c360
-
SHA512
84f0e47107f11c0bf0622598797f216e14f2715cf756473b7ebf8892a8378d62c2a9b88f5582ac40a9e7bb13e4891315fee92607524d057aabed3eedcc9af580
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-