General
Target: 6fb6a2160d5ceeef3420d09b7156d35e403ba7098bc0bdcadc9e721de1b3d5af.zip
Size: 803KB
Sample: 230311-ptp76sbd9z
MD5: d726bf1ffb7ea9230de3e0900d8463dc
SHA1: c43c018e932819451d995c0efb2a8c091f252563
SHA256: 76d03562610a6bb9d1d35ca0635a7c3d863af4995ddc2c674789380d103e8a69
SHA512: 902b486ed56098229e5857dab53f47971841ea505dd5bb8d58e4cd5e46cae0add235c607e9790088cbc56b1ee88514e3054faacc262175ec988ea4e1e05dd5c4
SSDEEP: 24576:AVAgA7vNqXxn6vfjCmwRfp5PLCZB/Vjrhy:AQMXovZG7GdVc
Static task: static1
Behavioral task: behavioral1
Sample: 6fb6a2160d5ceeef3420d09b7156d35e403ba7098bc0bdcadc9e721de1b3d5af.exe
Resource: win7-20230220-en
Malware Config
Extracted
formbook
4.1
h3sc
Targets
Target: 6fb6a2160d5ceeef3420d09b7156d35e403ba7098bc0bdcadc9e721de1b3d5af.exe
Size: 948KB
MD5: 72be1dd76472cba29a36135e882526fe
SHA1: be4b041b0c21162e389f4a9a1620fda5e0050713
SHA256: 6fb6a2160d5ceeef3420d09b7156d35e403ba7098bc0bdcadc9e721de1b3d5af
SHA512: 67ed20a8ba6c464d2abccf06b6a1af5215645a8812672f39b499ae52419b361d74065ebcfe3f9fb933722969619fb17e298a53898551953b00bc5c620e5587bc
SSDEEP: 24576:jDKmIirBQVM3P06E+eaioYJjkVxOCAEzh:j2mIqq6fqBaioY2oCAK
Formbook payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext