General
-
Target
Purchase order _SIP008.exe
-
Size
1.2MB
-
Sample
220928-jdh62afcf9
-
MD5
0f23b3dede5773a4da6e3f6869da28ad
-
SHA1
16b4fc729dc5b66381e710717acd7a226f0c631f
-
SHA256
3f4e8eda03283329f391e111c756f7b6ece4a9bc0d41672af8c1f09baf2b1cec
-
SHA512
5acc67f5cf49dcd7b50c5ef14cffa2990edc146f41ec5507f6d79476fa21026f3a5082b0f8d412153b4951e7f3f1172858705e0d7c582da79cffe88b37402f52
-
SSDEEP
24576:iAOcZXp03RQgAgCkLOMhc2e+Q+3mG2k1ny76RPGQFV0aBTjWFqwA5:ojRAgCk3clDmtGQFV9jWG
Static task
static1
Behavioral task
behavioral1
Sample
Purchase order _SIP008.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
4.1
mh76
healthgovcalottery.net
wenxinliao.com
rooterphd.com
bbobbo.one
american-mes-de-dezembro.xyz
mintager.com
thespecialtstore.com
wemakegreenhomes.com
occurandmental.xyz
fidelityrealtytitle.com
numerisat.asia
wearestallions.com
supxl.com
rajacumi.com
renaziv.online
blixtindustries.com
fjljq.com
exploretrivenicamping.com
authenticusspa.com
uucloud.press
conclaveraleighapts.com
moqaq.com
graphicressie.com
homebest.online
yisaco.com
thedrybonesareawakening.com
browardhomeappraisal.com
xn--agroisleos-09a.com
clinchrecovery.com
rekoladev.com
mlbl1.xyz
tunecaring.com
avconstant.com
chelseavictorioustravels.com
esrfy.xyz
frijolitoswey.com
zsfsidltd.com
natashasadler.com
kice1.xyz
drivemytrains.xyz
shopalthosa.xyz
merendri.com
yetkiliveznem7.xyz
milestonesconstruction.com
apparodeoexpos.com
momotou.xyz
chatkhoneh.com
cacconsults.com
kigif-indonesia.com
segurambiental.com
verynicegirls.com
curearrow.com
fdupcoffee.com
theclevergolfers.com
moushimonster.com
qdchuangyedaikuan.com
hopefortodayrecovery.com
wk6agoboyxg6.xyz
giybetfm.com
completedn.xyz
eluawastudio.com
legacysportsusatexas.com
comgmaik.com
intelsearchtech.com
northpierangling.info
Targets
-
-
Target
Purchase order _SIP008.exe
-
Size
1.2MB
-
MD5
0f23b3dede5773a4da6e3f6869da28ad
-
SHA1
16b4fc729dc5b66381e710717acd7a226f0c631f
-
SHA256
3f4e8eda03283329f391e111c756f7b6ece4a9bc0d41672af8c1f09baf2b1cec
-
SHA512
5acc67f5cf49dcd7b50c5ef14cffa2990edc146f41ec5507f6d79476fa21026f3a5082b0f8d412153b4951e7f3f1172858705e0d7c582da79cffe88b37402f52
-
SSDEEP
24576:iAOcZXp03RQgAgCkLOMhc2e+Q+3mG2k1ny76RPGQFV0aBTjWFqwA5:ojRAgCk3clDmtGQFV9jWG
-
Formbook payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-