General
-
Target
RFQ _#CIF FOR Hyderabad.exe
-
Size
893KB
-
Sample
221207-rj1bhaac4z
-
MD5
38e553f81a142579ea9a4e61a5c02c14
-
SHA1
44cb7f3254aa1991bd49039f9cfaec4ac3cf87b2
-
SHA256
090b0e38780c07da32a7d9119c754e34b398845b94fbe8ea544fc9ab8d81ac80
-
SHA512
3bc489194086f1abc40e077657d50835d6a71fe94314592aa47c806340ae3d5dd4f53bb8bc969c7d22cd2403fd395a8283a4573abb1475709dd7543c72b65203
-
SSDEEP
12288:roQgKZ/nXt7virmWhlGLaQYIV7m2HUOZE2SqvXD0LLc7VrfOJvFTkfDtd9201ZRk:DBHEdqf0KOJvFTkf5L2GRahex3zLu
Static task
static1
Behavioral task
behavioral1
Sample
RFQ _#CIF FOR Hyderabad.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
4.1
d94i
drain-pipe-cleaning-74655.com
culligandiiy.com
lknja.shop
salon-atmosfera.ru
steamgeneratorboilers.com
drain-pipe-cleaning-30896.com
dinoton.fun
feed-v.com
aym-brum.co.uk
bxztil.xyz
infinite-transformation.com
caticmicro.com
abrahamgranda.com
cleaninggem.com
hi5279.com
jainsdigitalservices.com
cglsuperset.com
kephatonrx.com
babyhandmold.com
braceelet.com
binotel.online
hengyangwangc.com
177787.com
dapperexperiences.com
perfectlyvintage.co.uk
ivoneartes.com
freightbyu.com
hotelvillaverdehn.com
igor-paixao.com
packmask.co.uk
lotuslandticketspice.com
mgkmanufacturing.com
casamollyshop.com
euterpe-paris-violin.com
imfeelingluckyongoogle.com
1wwxbc.top
9pdygwqg.com
akinsoftayvalik.xyz
kicoat.com
badgescottage.co.uk
bigbagsale.shop
scintillatecreative.com
thisguycancook.africa
truevision.africa
aapainternational.com
andrea-fuchs.com
thetrendshop.co.uk
pinkshea.co.uk
historiafilia.com
imaginationlbrary.com
electionfactsnc.com
cyberparkbhutani.com
freshcouponz.com
altyazili90.xyz
lidraulico.info
cardedeuweb.com
chacossandalsuk.com
10bconsulting.com
koziime.com
peek-a.boo
iuwamz.top
stonebridgetops.co.uk
heck-akunwso.xyz
helveticabold.co.uk
schoolcut.org.uk
Targets
-
-
Target
RFQ _#CIF FOR Hyderabad.exe
-
Size
893KB
-
MD5
38e553f81a142579ea9a4e61a5c02c14
-
SHA1
44cb7f3254aa1991bd49039f9cfaec4ac3cf87b2
-
SHA256
090b0e38780c07da32a7d9119c754e34b398845b94fbe8ea544fc9ab8d81ac80
-
SHA512
3bc489194086f1abc40e077657d50835d6a71fe94314592aa47c806340ae3d5dd4f53bb8bc969c7d22cd2403fd395a8283a4573abb1475709dd7543c72b65203
-
SSDEEP
12288:roQgKZ/nXt7virmWhlGLaQYIV7m2HUOZE2SqvXD0LLc7VrfOJvFTkfDtd9201ZRk:DBHEdqf0KOJvFTkf5L2GRahex3zLu
-
Detected phishing page
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-