General
-
Target
SecuriteInfo.com.Trojan.PackedNET.1681.13901.8451.exe
-
Size
947KB
-
Sample
221123-xdgvvsef69
-
MD5
0f56bac1a380f84eb814ec7730b472f1
-
SHA1
689c412c479bb2d1f4aaad821e6be5a2f1ca94ba
-
SHA256
ec97b2959f4dc8a687cf3b573c50bd1eccb24c756e2070be312f9fc4136f067e
-
SHA512
fed7c160c0c83b1a6ac38ed5dec5b8f5997ba4c0f7b8b74e02df160047a102a8b4c58ffecb80e4bbba570c70279d9c258adc0ff60fed71888b6c3d5dddf63e72
-
SSDEEP
24576:oM+L74mBfNUstzom3r8JNJ5wNGX/LhtW12kNnqlxn7K9x/kF0nCdbJ2McWt:8IPAGdtwNnqlxn294jJBv
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PackedNET.1681.13901.8451.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
4.1
oi05
fluidavail.online
blchain.tech
kyocera.website
sangmine.xyz
thepolicyjacket.info
ssvhelpman.net
y-t-design.com
eminentabroad.com
codingcamp.store
bester.capital
tanjiya23.site
bheniamyn.dev
top5monitor.com
bit-prim.trade
airstreamsocialclub.com
darkwarspod.com
zazisalesdistribution.com
vivolentlo.online
daftburo.net
elemangelsin.xyz
chasewildfire.buzz
olioubnajo.buzz
agoura.dental
ky4352.com
finechoice.mobi
studioarchadroit.com
5009townesouth.com
tik454register.xyz
divaresesaat.xyz
projektwrestling.com
krystalclearmemories.net
vinaychhaparia.com
sodexosupplychain.info
uudai.store
demontya.site
cloudydad.cloud
mewzom.online
20010906.xyz
epuken.link
saludaldia.tech
generto.com
mbenzmotorsport.com
voidssl.life
elbetolacakbirgece10.com
cdncleaningservices.com
kuzs248.top
verus.website
wisefocus.net
xn--nergie-de-gaia-9jb.com
wowsportsbet.com
vhkopiu.top
shopify-postmaster15.info
lysiimmobilier.site
princess.express
betebrands.com
6tldsuoacvrlwc1g4i.top
labucarimini.net
hogushinotakumi.com
turnhappy.shop
geenpaii.xyz
pyrrhadev.xyz
minhasaudeelevada.com
oblk.pics
recursosdijitales.com
vivencie.shop
Targets
-
-
Target
SecuriteInfo.com.Trojan.PackedNET.1681.13901.8451.exe
-
Size
947KB
-
MD5
0f56bac1a380f84eb814ec7730b472f1
-
SHA1
689c412c479bb2d1f4aaad821e6be5a2f1ca94ba
-
SHA256
ec97b2959f4dc8a687cf3b573c50bd1eccb24c756e2070be312f9fc4136f067e
-
SHA512
fed7c160c0c83b1a6ac38ed5dec5b8f5997ba4c0f7b8b74e02df160047a102a8b4c58ffecb80e4bbba570c70279d9c258adc0ff60fed71888b6c3d5dddf63e72
-
SSDEEP
24576:oM+L74mBfNUstzom3r8JNJ5wNGX/LhtW12kNnqlxn7K9x/kF0nCdbJ2McWt:8IPAGdtwNnqlxn294jJBv
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-