General
Target: virus.zip
Size: 570KB
Sample: 221202-phjagsff64
MD5: ec0d7a2da98af13daf5daa06aaca240a
SHA1: 391cb11e5421a8d1a8c50d81bb7e00da3b216e14
SHA256: 1412033c8719978d6d3aff11c06cb47b63dcab5fc30c05399ff28aea15393485
SHA512: 48f6a7031ac6cfce8878a6115f56c097d15489cd87b87cdc48e5d6feeae9f5d62a8d6ff9c48691eac8a84e7d091b9c599b9cd81f5cfe6da0c96b74938d83f174
SSDEEP: 12288:/jtpQGkiF1Jl1lww5Zgl+GAKd+SEMtgkxSn/azLGswerVG2ZsJN0RXoV7:7tRZF1lel+GH+S2yS+LZEq4OoV7
Static task: static1
Behavioral task: behavioral1
Sample: СПЕШНА ПОРЪЧКА ЗА ПОКУПКА.exe (Bulgarian: "URGENT PURCHASE ORDER.exe")
Resource: win7-20220901-en
Malware Config
Extracted family: formbook
Version: 4.1
Campaign ID: d0a7
Domains (Formbook configs mix the live C2 with decoy hosts; treat every entry as an indicator):
ngpjqd.top
provider1.net
themetaverseloyalties.com
tylpp.com
pmjewels.com
87napxxgz8x86a.com
djolobal.com
fmbmaiamelo.com
naijabam.online
networkingbits.com
beesweet.live
sexarab.homes
promptcompete.com
midsouthradio.com
23mk.top
bnhkit.xyz
2ozp56.bond
vehiclesgroups.com
healthycommunitynow.com
cwzmesr.com
qpeqlqb.com
parallelsoundsstudio.com
legacy-lc.com
isedeonline.com
baudtown.com
characting.space
noironclothes.com
pisell.one
comnewcocoffee.com
bitvtag.live
hotelblunt.com
chryslercapitla.com
designrate.art
niacopeland.com
royaltyweb3.com
openai-good.com
mom.rent
brapix.app
pikkwik.com
omilive.com
whdmjse.com
belifprint.com
ncsex6.xyz
vrf70r.online
jbway.com
avtokozmetika.website
info-klar.com
zbk53.com
comfydays.shop
ismagency.biz
shm01.com
horzeplay.com
luxacumen.com
drpathcares.com
steamfulfillmentllc.com
board-evaluations.com
gecreditu.info
aquastarla.net
yjdfw.net
dhjzfs.com
theminco.biz
honeynoel.com
rzkbol.com
anastsy4.tech
botani-yodo1.xyz
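One way to put the extracted configuration to work is to parse it into a structured object and match the hostnames against DNS query logs. The block below is an added example, not code from the sandbox report or from Formbook itself. It assumes the config is laid out as the report lists it (family, version, campaign ID, then hostnames) and uses a constructed "timestamp client qname" DNS log format; the hostnames are the ones extracted above.

```python
"""Parse the Formbook config extracted above and match it against DNS logs.

Added example, not part of the sandbox report or of Formbook. Assumptions:
the config block reads family, version, campaign ID, then hostnames
(whitespace separated); the DNS log format "timestamp client qname" is
constructed for this example.
"""
from dataclasses import dataclass, field

# Config block copied from the report above, whitespace separated so the
# parser accepts either one item per line or several per line.
REPORT_CONFIG = """
formbook 4.1 d0a7
ngpjqd.top provider1.net themetaverseloyalties.com tylpp.com pmjewels.com 87napxxgz8x86a.com
djolobal.com fmbmaiamelo.com naijabam.online networkingbits.com beesweet.live sexarab.homes
promptcompete.com midsouthradio.com 23mk.top bnhkit.xyz 2ozp56.bond vehiclesgroups.com
healthycommunitynow.com cwzmesr.com qpeqlqb.com parallelsoundsstudio.com legacy-lc.com isedeonline.com
baudtown.com characting.space noironclothes.com pisell.one comnewcocoffee.com bitvtag.live
hotelblunt.com chryslercapitla.com designrate.art niacopeland.com royaltyweb3.com openai-good.com
mom.rent brapix.app pikkwik.com omilive.com whdmjse.com belifprint.com
ncsex6.xyz vrf70r.online jbway.com avtokozmetika.website info-klar.com zbk53.com
comfydays.shop ismagency.biz shm01.com horzeplay.com luxacumen.com drpathcares.com
steamfulfillmentllc.com board-evaluations.com gecreditu.info aquastarla.net yjdfw.net dhjzfs.com
theminco.biz honeynoel.com rzkbol.com anastsy4.tech botani-yodo1.xyz
"""

# Constructed DNS log lines (not from the report): exercise a subdomain
# with a trailing dot, mixed case, a near-miss that must not match, and a
# malformed line.
DNS_LOG = [
    "2022-12-02T10:01:03Z 10.0.0.15 www.google.com",
    "2022-12-02T10:01:09Z 10.0.0.15 www.ngpjqd.top.",
    "2022-12-02T10:01:11Z 10.0.0.15 Healthycommunitynow.com",
    "2022-12-02T10:02:00Z 10.0.0.22 notpmjewels.com",
    "garbage line",
]


@dataclass(frozen=True)
class FormbookConfig:
    family: str
    version: str
    campaign: str
    domains: frozenset = field(default_factory=frozenset)


def parse_formbook_config(text: str) -> FormbookConfig:
    """Split the report's config block into family, version, campaign, hosts."""
    tokens = text.split()
    if len(tokens) < 4 or tokens[0].lower() != "formbook":
        raise ValueError("not a formbook config block")
    family, version, campaign, *hosts = tokens
    normalised = frozenset(h.lower().rstrip(".") for h in hosts)
    return FormbookConfig(family, version, campaign, normalised)


def _parent_domains(qname: str):
    """Yield qname and each parent on a label boundary: a.b.c -> a.b.c, b.c, c."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def match_dns_log(cfg: FormbookConfig, log_lines):
    """Return (timestamp, client, qname, matched_domain) for every hit.

    Matching walks up the label boundaries so www.ngpjqd.top hits ngpjqd.top
    but notpmjewels.com does not hit pmjewels.com.
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line, skip rather than crash
        ts, client, qname = parts[0], parts[1], parts[2]
        for candidate in _parent_domains(qname):
            if candidate in cfg.domains:
                hits.append((ts, client, qname, candidate))
                break
    return hits


if __name__ == "__main__":
    config = parse_formbook_config(REPORT_CONFIG)
    print(f"{config.family} {config.version} campaign {config.campaign}, "
          f"{len(config.domains)} domains")
    for hit in match_dns_log(config, DNS_LOG):
        print("HIT", *hit)
```

Formbook beacons to its decoy hosts as well as to the real C2, so a query for any listed domain from an internal host is a usable indicator; the main false-positive risk is that some decoys are legitimate-looking or genuinely legitimate sites, so review hits before blocking at the resolver.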
Targets
Target: СПЕШНА ПОРЪЧКА ЗА ПОКУПКА.exe (Bulgarian: "URGENT PURCHASE ORDER.exe", the executable carried inside the submitted virus.zip)
Size: 722KB
MD5: 0aee1077971fda9cedfc570be5e2c822
SHA1: 21092ac3f3146688e8bf9b7613c8293b74824970
SHA256: 97bfd8737b330f409b85e67a43a20edcdc497a63ec9d663692aa8d11e323caf1
SHA512: 72eb237eb96309d537c70008bbf6fa592e805f6111561ea3370799d14ec61f88743359cd2f614f2ac314d3b625cfe2f32b5119a293dec974783a188f5672265a
SSDEEP: 12288:kLpeGieN1J53lWwlZ4r+cKkdm2oOJKk1wnjaXBnM33302IgFJN0V3foYcjZnbCkI:6PvN1Nyr+cHm2AMwOBnG30YCoBjZnbCx
Formbook payload: the extracted configuration (Malware Config above) identifies the payload as Formbook 4.1, campaign ID d0a7.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence. A sample that gates on the configured country may run to completion on one sandbox locale and exit silently on another, so an empty behavioral run is not proof of a benign file; re-detonate under a different locale before drawing that conclusion.
Suspicious use of SetThreadContext: setting the context of a thread in another process is the primitive used to redirect a suspended or hollowed process to injected code. Outside a debugger there is little legitimate reason for it, so treat it as a strong injection indicator and look for the target process in the behavioral trace.