General
-
Target
PI_4_5767189090436911808.js Pdf.exe
-
Size
1.0MB
-
Sample
221210-ktbbssfc35
-
MD5
8bd2de9e1f41c0914129b5751eabfbc7
-
SHA1
7d44cda92b3fa3b237091ce58e0e6e7b416fef91
-
SHA256
9bdc185c4c52ab97921a7d99b7bfe6e22ac5be828d999b19e41983b3c79af0c9
-
SHA512
2098eb4f8dbc6e19d1a8a7a9834af370f8d761fd3788afb6a96ba10cc6e5b2575a598e83833e0702a048667ac1a51a16611bb23e3d5b424d3a00ac6074c81ed8
-
SSDEEP
12288:+FfPpFLaKTy0qtEF2+ZFMISeJY564ALwCxcfWJAO0QDbesJmFPJIvFj3p/TSKyfi:2fPpF+Bt/+6v64/CJ0hF+Nj5rh
Static task
static1
Behavioral task
behavioral1
Sample
PI_4_5767189090436911808.js Pdf.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
4.1
a19i
Targets
-
-
Target
PI_4_5767189090436911808.js Pdf.exe
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-