General
Target: QUOTATION.js
Size: 348KB
Sample: 221017-v793dscfgn
MD5: ef2979f13b34b227f407b2f6a611fcb8
SHA1: c3ee0b25966c0571ba88d2baf82e77f7cac99e6f
SHA256: e5c140ad8d505a1b3efd96367d141f6c823f27b1b04bb53bce47baef12914052
SHA512: 96ddca1b609edee64ddde021495b53b60a46bd168aed8a2b3a632496d3d3991bcbe76598c98114ddd61bd9001835b51e3773116faec02f7cc5f1b42b0510875c
SSDEEP: 6144:/wkHXb6B9k9EcJCiqi82k6DpDtbl4SoKoGb/OMnKUU09JnglNhb:4G2vk9EcJCbi8ONDtp4So+/Up4neHb

Static task: static1
Behavioral task: behavioral1
Sample: QUOTATION.js
Resource: win7-20220812-en

Malware Config
Extracted: formbook
Version: 4.1
Campaign: c0e5
Domains:
educao.pet
e-race.store
clitzhyper.com
webcheetahtech.online
akkarr.online
odevillage.fit
yaignav.site
191u.us
misionartv.store
leadingpastor.com
claudio-vega.store
9mck753.com
system-reminder.live
landsharesfg.net
lmcsf.top
mkstoreacesse.com
2023.domains
yb8.mobi
2q02f4fyxg7ybb18.digital
logtray.shop
asroycsitorus.com
coisasdeemariia.site
bezbanov.shop
clickzoononline.shop
nzlabour.party
airbnb.melbourne
myvea.online
toutsurimmo.email
kh888.vip
opposestorm.shop
broearn.info
korendietspecials.mom
6yhg2wnh.cfd
ergskin.com
projetlemet.com
dannyyomtobian.com
guidesmail.xyz
beavertonbjj.net
tyrannic442596.biz
joycasino-sga.top
yueyin.art
cliff23.site
smoothapperal.com
youknowthedrill.xyz
mabanaft.group
pessimisticreassurance.top
nhzd.mom
leb26867.top
dorsalrims.xyz
brewhousebikes.com
highthunder.online
philosofinance.online
esafw.shop
bayengineeringsolutions.site
xn--lbsolues-x0a4l.com
1wtgz.top
play168kh.app
bathroomshelf.net
rorol.top
nwxusmods.com
chinawhitebelfast.com
dronebox.shop
boamiz.store
tiannongtuan.com
ludrogheda.com
Targets
Target: QUOTATION.js
Size: 348KB
- Formbook payload
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Suspicious use of SetThreadContext