General
- Target: extracted_at_0x0.exe.bin
- Size: 19KB
- Sample: 221125-qlv9wsea2x
- MD5: 48e8120fe2553410035e7686bbadf6be
- SHA1: ab8ccba71e5c0a8d0f0429da2991f7fb583f9feb
- SHA256: 0c3cf51bad9939b49a0a84465261c4bb1b218e9896a63b7d9b4a1fdd3e4e5d9b
- SHA512: 2420f967cd0cbab93476c898d17e83811e2653edbbdc04db8c7e289f3d5e0d3c409f138c7fdae3a7d354250a2d885ca04d527f77bb22ad3e581668883e7d6825
- SSDEEP: 192:6rtynt64526Ez3VVk80pf8stYcFmVc03KY:6rkt6452Fr2pfptYcFmVc03K
Static task: static1
Behavioral task: behavioral1
- Sample: extracted_at_0x0.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign ID: mi24
- Domains (from the extracted config):
iberostargrandelmirador.info
emaginemru.com
clubeurowin.com
calspasjohnston.com
chasforg.me.uk
birslot.online
doyouthrive.com
collagenukr.shop
especiallyszhienough.com
g2-inc.online
bty0to.com
bodao.online
found-alerts.live
hcsilicon.com
19562.site
injurylawyersconsultants.com
annvandersteel.store
agenturplatzhirsch.store
descontosenergy.com
casesyanstarted.com
junkcar.site
lkinhor.xyz
kaiwors.store
onepelaton.uk
gradesky.online
leevelshealth.com
krakowczyk.com
zenithgroep.africa
5367.voto
janaccounts.africa
clutchin.com
bigwallcanvas.com
g2hm2.com
geertdevlieger.com
cupinoproperties.com
fazzacare.com
bolina157.com
b6929.com
halllmarkchannelwines.com
lionstoryz.com
audedans-audehors.com
cheatingdeathcustoms.info
autogenie.biz
dydjse.cfd
ziqondejourneytoself.africa
captainscove.co.uk
fordhathanh3s.com
i-badminton.ru
gold-price.site
cocacola.app
eslichto.shop
erasoutfits.com
gwlcivieletechniek.com
jupiteramservices.co.uk
2348x.com
7581331.com
cdfadq.com
badlesbianwidowsfanclub.com
jbo298.com
ehsanpours.shop
trentos.uk
5c9.net
davivinnda.store
405354.com
dbsoftware.cloud
Targets
- Target: extracted_at_0x0.exe.bin (19KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Signatures:
  - Formbook payload
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Deletes itself
  - Adds Run key to start application
  - Suspicious use of SetThreadContext