General
- Target: REQUEST FOR QUOTATION.js
- Size: 398KB
- Sample: 221123-rs973ahd93
- MD5: 221959c0cb83f333ff5626250f07150d
- SHA1: edc81bb47ec361697e8a4c989e21ce08b73c9df9
- SHA256: 3be91a04e20428350874375f4d47ae9240c5e64c7e37deac6fcafd1968933063
- SHA512: ea4049d06dac1c16ddf1148998f2d6599f38b0cd2863655e62fcd713b239f2313db89c19c28486da24e7648041fb052b42a966ca68e5512fc1598ab754620b35
- SSDEEP: 6144:6rnjtDt1a3nLZtHf4ROEGXpWtFRsgDEzVaC+Y8vzOBWesNR0KyfbVX8YBVJlq5:sth1qff4AEQ+EzVaChwO4pK3DVXTa
Static task: static1
Behavioral task: behavioral1
Sample: REQUEST FOR QUOTATION.js
Resource: win7-20220812-en
Malware Config
Extracted
formbook
4.1
c0e5
Targets
- Formbook payload
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext