General
-
Target
e-Belge1.exe
-
Size
1.1MB
-
Sample
220928-heq3lafbh2
-
MD5
93806db4549578ef1cb21b7f688798b2
-
SHA1
12e313f0998ab9010ca7e23f85da6f98f8b02030
-
SHA256
87fdf41f3af47dc20348fe21148546a943111c455ffb9a8cd73b1beb77513ce4
-
SHA512
443c96b19426abde09f5f7006c77cc3ac5660200d0480eca898e724e27d2d03771774eab318f294295165bbb4d72cd43a5fc748af0f92371e865f5108f48d8da
-
SSDEEP
24576:UAOcZXcxP6+jn2sKlQT/zeRoCR3lBR4YaGAuvZG31RMaas/xqY:CHUez8bkQA3XM9c
Static task
static1
Behavioral task
behavioral1
Sample
e-Belge1.exe
Resource
win7-20220901-en
Malware Config
Extracted
formbook
4.1
mh76
healthgovcalottery.net
wenxinliao.com
rooterphd.com
bbobbo.one
american-mes-de-dezembro.xyz
mintager.com
thespecialtstore.com
wemakegreenhomes.com
occurandmental.xyz
fidelityrealtytitle.com
numerisat.asia
wearestallions.com
supxl.com
rajacumi.com
renaziv.online
blixtindustries.com
fjljq.com
exploretrivenicamping.com
authenticusspa.com
uucloud.press
conclaveraleighapts.com
moqaq.com
graphicressie.com
homebest.online
yisaco.com
thedrybonesareawakening.com
browardhomeappraisal.com
xn--agroisleos-09a.com
clinchrecovery.com
rekoladev.com
mlbl1.xyz
tunecaring.com
avconstant.com
chelseavictorioustravels.com
esrfy.xyz
frijolitoswey.com
zsfsidltd.com
natashasadler.com
kice1.xyz
drivemytrains.xyz
shopalthosa.xyz
merendri.com
yetkiliveznem7.xyz
milestonesconstruction.com
apparodeoexpos.com
momotou.xyz
chatkhoneh.com
cacconsults.com
kigif-indonesia.com
segurambiental.com
verynicegirls.com
curearrow.com
fdupcoffee.com
theclevergolfers.com
moushimonster.com
qdchuangyedaikuan.com
hopefortodayrecovery.com
wk6agoboyxg6.xyz
giybetfm.com
completedn.xyz
eluawastudio.com
legacysportsusatexas.com
comgmaik.com
intelsearchtech.com
northpierangling.info
Targets
-
-
Target
e-Belge1.exe
-
Size
1.1MB
-
MD5
93806db4549578ef1cb21b7f688798b2
-
SHA1
12e313f0998ab9010ca7e23f85da6f98f8b02030
-
SHA256
87fdf41f3af47dc20348fe21148546a943111c455ffb9a8cd73b1beb77513ce4
-
SHA512
443c96b19426abde09f5f7006c77cc3ac5660200d0480eca898e724e27d2d03771774eab318f294295165bbb4d72cd43a5fc748af0f92371e865f5108f48d8da
-
SSDEEP
24576:UAOcZXcxP6+jn2sKlQT/zeRoCR3lBR4YaGAuvZG31RMaas/xqY:CHUez8bkQA3XM9c
-
Formbook payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-