General
-
Target
639b8c7c6c073dba732b3bf637198ef8
-
Size
1.1MB
-
Sample
221128-3qwgnscb43
-
MD5
639b8c7c6c073dba732b3bf637198ef8
-
SHA1
678981a9dd87757102383c8179213e4fdb50f981
-
SHA256
cb51a857dc33e532754e21259545e94dd518baff0783b8dd0623a20621af3a28
-
SHA512
c6d5ffffe53e6472dfe7cb12380ee2619cc353994ab7aee682ca5b97a7dfc2b7cd0e9d0ea49d38626ed82256bb391860e3ac3ae67b07150a15711a5de8dd75a9
-
SSDEEP
12288:NQnk3GDYKGcblOOO8veSJJ9F5qhBWX7riHB7BF7M9VVRyF/2gLrQ8H5Z/wwC+r1Q:XAOcZPOeJ9FEeHiT7MdIF/2gzf3hL69p
Static task
static1
Behavioral task
behavioral1
Sample
639b8c7c6c073dba732b3bf637198ef8.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
4.1
nurs
caixinhascomcarinho.com
abinotools.com
oporto-tours.com
iruos.com
yesmamawinebar.com
wwwscu.com
habit2impact.com
antigenresearch.com
ux4space.com
diarypisces.com
cryptopers.com
lovingmoreband.com
beerwars.net
ascariproject.site
livesoccerhd.info
bluestardivingschool.com
pluik.com
snorrky.space
lcoi9.com
phantomxr.com
billingandinvoicing-d.space
sdcvbk.online
ozoraa.tech
chroniclesmagazine.net
hlamarwillis.com
tavolosmart.com
petrouzinexmail.com
nord-income.com
boatlifestyle.life
kangenionizedwater.com
cassandrestlouis.com
nicodemusandcrow.com
yodercontractors.com
trendingwithtom.com
amazondeserthotsprings.com
ietsiemooishop.com
yuqifudemao.online
rdf-group.com
jukerounisexsalon.com
lunarphase-aroma.com
charmapa.com
pimcoclients-au.com
denmarktennessee.com
practicalfpa.biz
mdjwa.com
aerobalear.com
hotgirlseeking.online
upscalee.com
northerntohoku-cartours.com
bestcomposable.com
hgjjglq.com
biggabytes.com
positiveenergyart.com
gastries.info
jamestaylorcreative.com
oolsoojeed-ihissoavaj.online
teoshotthis.com
freetinytools.com
keyupstudio.com
nakiavolaris.store
lifewithlenaivie.com
meysisupplierberas.com
akannroyal.xyz
cultivayoga.store
truckdued.com
Targets
-
-
Target
639b8c7c6c073dba732b3bf637198ef8
-
Size
1.1MB
-
MD5
639b8c7c6c073dba732b3bf637198ef8
-
SHA1
678981a9dd87757102383c8179213e4fdb50f981
-
SHA256
cb51a857dc33e532754e21259545e94dd518baff0783b8dd0623a20621af3a28
-
SHA512
c6d5ffffe53e6472dfe7cb12380ee2619cc353994ab7aee682ca5b97a7dfc2b7cd0e9d0ea49d38626ed82256bb391860e3ac3ae67b07150a15711a5de8dd75a9
-
SSDEEP
12288:NQnk3GDYKGcblOOO8veSJJ9F5qhBWX7riHB7BF7M9VVRyF/2gLrQ8H5Z/wwC+r1Q:XAOcZPOeJ9FEeHiT7MdIF/2gzf3hL69p
-
Formbook payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-