General
-
Target
fcc21d800f2cd942cbb2777c40a8ebf831e7fce2e6c8c77d5fa8fd4e3709bd01.js
-
Size
346KB
-
Sample
221130-t3k22aga24
-
MD5
21199ca311ff9236a22bc04871f49361
-
SHA1
14bf80cebe0fe6945ab146eb481a40d62df5f1d1
-
SHA256
fcc21d800f2cd942cbb2777c40a8ebf831e7fce2e6c8c77d5fa8fd4e3709bd01
-
SHA512
2696c74bae8749f26af0483807395356a0224c2124ac956cbb48e8026a705cc3bc1cc8056991385284636e4982dbaefb5a4887901459e41ff02bd0975f5927a0
-
SSDEEP
6144:So6tITpn1wYXxLJCZQk5s1TAriIgnywLzTp1vQo:76tSJ1tXGaka1TArinBHtZ/
Static task
static1
Behavioral task
behavioral1
Sample
fcc21d800f2cd942cbb2777c40a8ebf831e7fce2e6c8c77d5fa8fd4e3709bd01.js
Resource
win7-20221111-en
Malware Config
Extracted
formbook
4.1
c0e5
Targets
-
-
Target
fcc21d800f2cd942cbb2777c40a8ebf831e7fce2e6c8c77d5fa8fd4e3709bd01.js
-
Formbook payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-