General
- Target: ae5f04e1939d8ce30342a717d15c99489f9afa411aacfdbc85a4f6af79013694-mod.exe
- Size: 848KB
- Sample: 221207-c3snfaba6y
- MD5: f5754653e12482d470ba49e6e4a56456
- SHA1: 98d4aae9a159eea640d43ffe6900b25e44d4b5bb
- SHA256: 8fddf1605031da46c75a4bcf9a38ac8868fb6ef9519828905f6e8435fa3875a4
- SHA512: 2cfd20eeb8daddada5c2cdcc0f28e3baa069bde93ba2ee4dbe776be683019b0d12d29ac40356caa14949290cc0188db67412cbdcd60d89829d8e15a3c792498e
- SSDEEP: 12288:rewy0O8ZrzM87QTdAz+VEYemZJbxpDF8VGmGqPBaynlmhGHqsSqyAeugqAPW6ETF:rewDljBa5hCuNZ/A6CgUPv
Static task: static1
Behavioral task: behavioral1
- Sample: ae5f04e1939d8ce30342a717d15c99489f9afa411aacfdbc85a4f6af79013694-mod.exe
- Resource: win7-20220812-en
Malware Config
Extracted
formbook
4.1
d0a7
Targets
- Target: ae5f04e1939d8ce30342a717d15c99489f9afa411aacfdbc85a4f6af79013694-mod.exe
- Formbook payload
- Adds policy Run key to start application
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext