General
-
Target
AF3838D501FED830BCB3C3B48D3184B05F588D8699816AFF5A2F2F27EC0D1154
-
Size
558KB
-
Sample
221123-r1gwgsaa28
-
MD5
6adcefcaba52081bbfe7c3f06e0fc4d8
-
SHA1
090f3771e9b4b7e4f3e56cc18a5e59a77dcaf756
-
SHA256
af3838d501fed830bcb3c3b48d3184b05f588d8699816aff5a2f2f27ec0d1154
-
SHA512
fcc600e7f4254aa1706134ae809082e4894e302d9732734a24bf865e0961d78412151e22ab9910eb320201df4647d09835e12fc19455c26d52b1b796f3609de9
-
SSDEEP
12288:+ejceu5gFDrIhB0/lRqzAmOrW8Yu0kAAVB8wot83wF8r/SyAuPpc2wxX:BtEDq3qUfW8vzFotcrThDwxX
Static task
static1
Behavioral task
behavioral1
Sample
PROVA DE PAGAMENTO.exe
Resource
win7-20221111-en
Malware Config
Extracted
-
Family
formbook
-
Version
4.1
-
Campaign
gs25
-
C2 (Formbook configurations embed decoy domains alongside the live C2, so treat this list as indicators to hunt on, not as confirmed C2 contacts)
real-food.store
marketdatalibrary.com
jolidens.space
ydental.info
tattoosbyjayinked.com
buytradesellpei.com
61983.xyz
identitysolver.xyz
mgfang.com
teizer.one
staychillax.com
ylanzarote.com
workte.net
maukigato.shop
coolbag.site
btya1r.com
dkhaohao.shop
zugaro.xyz
boon168.com
xn--80aeegahlwtdkp.com
ofiarx.com
militaryees.com
moshrifmontagebau.com
usesportcompany.com
savagesocietyclothing.com
wethedreamrs.com
allhealthzdorovoiscilenie.sbs
legacycrossingbroker.com
dompietro.com
hallconciergerie.com
xn--289a95vn5cmx6a.com
siervostinting.com
windesk.info
braxton.construction
scarefullym.shop
organicyummyvegan.com
maniza.shop
moviesmod.one
wenmingsm.com
techgist.tech
infodescansovital.click
adsfuture.shop
54844.site
opensea.creditcard
yassinshield.com
daubacthanhdeneasy.online
governmentmarketstrategies.com
socioeconomical.pics
blackmail.guide
tdrevolution.net
mega-pornx.info
favrity.com
cuocsongtot2022.site
touchlyfe.com
track-usps.info
kitchentimeremodeling.com
jettylearn.com
hookguy.buzz
cojo.world
negocio-naweb.store
kern3361ren1.site
smithbryan.website
jlxseat.top
rocksology.net
crownglassware.info
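The domain list above is most useful as a hunting artifact. What follows is an added example, not code from the sandbox report or from the Formbook sample: a small Python matcher that normalizes DNS query names (case, trailing dot, IDN labels converted to punycode) and checks them against the extracted domains on label boundaries, so `www.real-food.store` matches but `notreal-food.store` and `marketdatalibrary.com.example.org` do not. The log lines are constructed, the BIND-style query-log format is an assumption, and the domain list is a subset of the one above; paste the full list into `FORMBOOK_DOMAINS` for real use. Because the config mixes decoys with the live C2, a hit identifies a host to triage rather than a confirmed beacon.

```python
"""Hunt DNS query logs for the Formbook domains extracted above.

Added example, not part of the sandbox report or the Formbook sample.
Assumptions (not from the page): BIND-style query-log format, and a
constructed set of log lines. The domain list is a subset of the one
extracted above; paste the full list into FORMBOOK_DOMAINS for real use.
"""
import re
from typing import List, Optional, Tuple

# Subset of the extracted config domains (copied from the report above).
FORMBOOK_DOMAINS = [
    "real-food.store",
    "marketdatalibrary.com",
    "jolidens.space",
    "xn--80aeegahlwtdkp.com",  # IDN; the config stores the punycode A-label
    "track-usps.info",
    "opensea.creditcard",
]

# Constructed log lines (not real traffic). Includes case/trailing-dot
# variants, a subdomain, and two look-alikes that must NOT match.
SAMPLE_LOG = """\
23-Nov-2022 10:02:11.001 client 10.0.0.5#53422: query: www.example.com IN A +
23-Nov-2022 10:02:13.120 client 10.0.0.7#51002: query: Real-Food.Store. IN A +
23-Nov-2022 10:02:14.333 client 10.0.0.7#51003: query: www.marketdatalibrary.com IN A +
23-Nov-2022 10:02:15.444 client 10.0.0.9#49001: query: marketdatalibrary.com.example.org IN A +
23-Nov-2022 10:02:16.555 client 10.0.0.7#51004: query: xn--80aeegahlwtdkp.com IN A +
23-Nov-2022 10:02:17.666 client 10.0.0.8#51005: query: notreal-food.store IN A +
"""

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN")


def normalize(name: str) -> str:
    """Canonical form for comparison: lowercase, no trailing dot, and IDN
    labels converted to their punycode A-label so a resolver that logs
    Unicode names still matches the ASCII form stored in the config."""
    name = name.rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:  # malformed label; compare as-is
        return name


def match_ioc(qname: str, iocs: List[str] = FORMBOOK_DOMAINS) -> Optional[str]:
    """Return the IOC that qname equals or is a subdomain of, else None.
    Matching is done on label boundaries, so 'notreal-food.store' does not
    match 'real-food.store' and 'x.com.example.org' does not match 'x.com'."""
    q = normalize(qname)
    for ioc in iocs:
        d = normalize(ioc)
        if q == d or q.endswith("." + d):
            return d
    return None


def hunt(log_text: str, iocs: List[str] = FORMBOOK_DOMAINS) -> List[Tuple[str, str, str]]:
    """Scan query-log text; return (client_ip, queried_name, matched_ioc) per hit."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        ioc = match_ioc(m["qname"], iocs)
        if ioc is not None:
            hits.append((m["client"], m["qname"], ioc))
    return hits


def suspect_hosts(log_text: str, iocs: List[str] = FORMBOOK_DOMAINS) -> List[str]:
    """Distinct clients that resolved any listed domain, for triage."""
    return sorted({client for client, _, _ in hunt(log_text, iocs)})


if __name__ == "__main__":
    for client, qname, ioc in hunt(SAMPLE_LOG):
        print(f"{client} queried {qname} -> matches {ioc}")
    print("hosts to triage:", suspect_hosts(SAMPLE_LOG))
```

Run on the constructed log it reports three hits, all from 10.0.0.7, and ignores the two look-alike names. The IDN handling matters because some resolvers and SIEM pipelines log the decoded Unicode name while the config carries the `xn--` form; `normalize` brings both to the same string before comparison.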
Targets
-
Target
PROVA DE PAGAMENTO.exe
(Portuguese for "proof of payment", a payment-themed lure name. Note that this file's size and hashes differ from those of the file listed under General; the two are distinct artifacts and should not be conflated when sharing indicators.)
-
Size
710KB
-
MD5
d90ee4a69a80b53f8b6ac0f3fd08e72c
-
SHA1
000e8e599fbf58baeac2483c92370b811fa2477d
-
SHA256
c0764ceab13a533b3ea99ccc162a1f36e85f4094b29c4a30b91b0d3f0ff1112e
-
SHA512
ec18433d2c9afc3865c5f6b58acdb895c6abe98427b8e19d37e991033a3aee5254fea78f097aa472d9a1930f6d5fcc17cafd524fd5170c9bf3427bdb0f5a7755
-
SSDEEP
12288:pSIyM/U057k2TlIh1A/lDMzAmORWyYuMkAAV/8wot83w/8rRWnu6:BBOzGVMU9WyvdFotCronu6
-
Formbook payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence: the sample can decide not to run in regions the operator wants to avoid.
-
Suspicious use of SetThreadContext
Rewriting another thread's context (typically the instruction pointer of a suspended thread) is the standard way to redirect execution into injected code, as in process hollowing and thread hijacking; this is consistent with Formbook's known process-injection behaviour.
-