General
Target: d0c1e2d3400adbc801fb564688620041.bin
Size: 685KB
Sample: 230316-gtt75abf3y
MD5: 35f78525e35df5a94be773b2a363b0c9
SHA1: dde637b8a3ebab6ae31222a42502af095b048218
SHA256: 7ceddb9d23c536b2d5d9c4d57cc24aa764944db16f62b8db871db41f34e22be6
SHA512: ee61bde34101ff647989e126d68d7b9cdb42caed13042f4e27587fc353aded7b763022e76a67dc2f984b507a50dd2d1752127f8013b2b2f1818f69455165d7f6
SSDEEP: 12288:WTwLqQknE60unjAA4AeT/IG0Q+YhH2QNnV7FBCEIP1jbucnDXPDHwRD7Icd:WTwLqNW9NMG0Q+KWketjzDH2gcd
Static task: static1
Behavioral task: behavioral1
Sample: 77ed29ab8aa9da3669874c3f49e81c581105a981e8537a78382dc69e043943a6.exe
Resource: win7-20230220-en
Malware Config
Extracted: formbook
Version: 4.1
Campaign: h3sc
Domains (Formbook embeds its real C2 in a list of decoys; the report does not say which entry is live):
seemessage.com
bitlab.website
cheesestuff.ru
bhartiyafitness.com
bardapps.com
l7a4.com
chiara-samatanga.com
lesrollintioup.com
dropwc.com
mackey242.com
rackksfresheggs.com
thinkvlog.com
aidmedicalassist.com
firehousepickleball.net
sifreyonetici.com
teka-mart.com
ddttzone.xyz
macfeeupdate.com
ivocastillo.com
serjayparks.com
uptimeps.cfd
prioritivity.com
linjia.cfd
rentmobil99.com
amazonpublicationhouse.com
wisconsinprivatelenders.com
emavgrfcolvin.click
navegadornet.tech
extremetension.com
hpm8cnb5s2vqr.com
sxhjdp.com
breathevitality.com
easyshopalgeria.com
profibex.com
3546464356.top
shopanml.space
andhra2telangana.com
b4pizzeria.click
thehealingcoaches.com
theantalyas37d.com
tyuuhai.site
look.fashion
zbzhaochang.com
emmettis.com
data4u-e.shop
dawnzdesignzz.com
modulatic.com
measuremateshop.com
5starseptics.com
zexalin.top
r693.xyz
techcryptoreview.com
singiteasy.store
portpay.site
holmtransport.com
zkdwvtg.top
nonetdc.xyz
customerservicesafesteptub.com
myhandmadeheaven.com
prostockdirect.store
vppq.buzz
malibu5.com
alexfallah.com
93oo.top
illatales.com
Targets
Target: 77ed29ab8aa9da3669874c3f49e81c581105a981e8537a78382dc69e043943a6.bin
Size: 762KB
MD5: d0c1e2d3400adbc801fb564688620041
SHA1: 499c664b4170c484c661286d02135186ae5e77f8
SHA256: 77ed29ab8aa9da3669874c3f49e81c581105a981e8537a78382dc69e043943a6
SHA512: 28a8dde829add33a2550e668461e2b1899982ae49c9733dc29118a2ce8bcff8903924049fcb964e6b6faee41b303c49decda52de9c08b6349d2dcc16c08a9c74
SSDEEP: 12288:ZCvwk/wjZBHYBcLnCdP9+V7ywfxxM+fd6BVvhazSUQxHIugLrxhS/ESBoYXJGRTw:ZCvwIkBaf+RTG+fdifRFgLjS/7nJT
Signatures
- Formbook payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (the payload decides whether to run based on the victim's region).
- Suspicious use of SetThreadContext: setting the context of a thread in another process is the step process hollowing uses to point a suspended child process at injected code.
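One way to turn the two behavioural signatures above into detection logic, as an added example that is not part of this report or of any sandbox's own rule set. The trace format ("pid|api|name=value ...") and the sample events are constructed for the example; the registry paths are real Windows locations, but which of them a given sandbox signature watches is an assumption. The SetThreadContext rule only reports full process hollowing when the same caller also created the target suspended and wrote into it, otherwise it reports a plain remote context change.

```python
"""Added example, not part of the sandbox report: a small detector for the two
behaviours the report flags, run over an API trace.

The trace format is constructed for this example (one event per line,
"<pid>|<api>|<name=value ...>"); real sandboxes use their own schema, so only
the matching logic transfers.
"""
import re
from collections import defaultdict

# dwCreationFlags bit for CreateProcess; documented Win32 value.
CREATE_SUSPENDED = 0x4

# Registry locations that reveal the configured country/locale. Real keys,
# but which ones a given sandbox signature watches is an assumption here.
GEO_KEYS = (
    r"hkcu\control panel\international\geo\nation",
    r"hklm\system\currentcontrolset\control\nls\language",
)
REG_READ_APIS = {"RegQueryValueExW", "RegQueryValueExA", "RegGetValueW", "RegGetValueA"}

LINE_RE = re.compile(r"^(?P<pid>\d+)\|(?P<api>\w+)\|(?P<args>.*)$")
ARG_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_event(line):
    """Turn one trace line into {"pid", "api", "args"}; None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    args = {}
    for key, _, quoted, bare in ARG_RE.findall(m.group("args")):
        args[key] = quoted if quoted else bare
    return {"pid": int(m.group("pid")), "api": m.group("api"), "args": args}


def to_int(s):
    """Parse decimal or 0x-prefixed values; missing -> 0."""
    return int(s, 0) if s else 0


def scan(lines):
    """Return (signature, pid, detail) tuples in trace order."""
    findings = []
    # (caller pid, target pid) -> injection steps seen so far
    chains = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        pid, api, a = ev["pid"], ev["api"], ev["args"]

        # Signature 1: reading the configured country code (geofence check).
        if api in REG_READ_APIS:
            key = a.get("key", "")
            if key.lower() in GEO_KEYS:
                findings.append(("checks_computer_location", pid, key))

        # Signature 2: SetThreadContext on a thread of another process. It is
        # only reported as full process hollowing when the same caller also
        # created that process suspended and wrote into its memory.
        elif api in ("CreateProcessW", "CreateProcessA"):
            if to_int(a.get("flags")) & CREATE_SUSPENDED:
                chains[(pid, to_int(a.get("pid")))].add("suspended_create")
        elif api == "WriteProcessMemory":
            target = to_int(a.get("pid"))
            if target != pid:
                chains[(pid, target)].add("remote_write")
        elif api == "SetThreadContext":
            target = to_int(a.get("pid"))
            if target == pid:
                continue  # changing your own threads' context is common and benign
            steps = chains[(pid, target)]
            steps.add("set_thread_context")
            kind = ("process_hollowing"
                    if {"suspended_create", "remote_write"} <= steps
                    else "remote_set_thread_context")
            findings.append(("suspicious_set_thread_context", pid, f"{kind} -> pid {target}"))
    return findings


# Constructed trace: a loader (pid 1234) hollows a suspended svchost.exe
# (pid 5678), and the injected payload then reads the configured country.
SAMPLE_TRACE = [
    r'1234|CreateProcessW|cmd="C:\Windows\System32\svchost.exe" flags=0x4 pid=5678',
    r'1234|WriteProcessMemory|pid=5678 addr=0x400000 size=0x3a000',
    r'1234|SetThreadContext|pid=5678 tid=5680',
    r'1234|ResumeThread|pid=5678 tid=5680',
    r'5678|RegQueryValueExW|key="HKCU\Control Panel\International\Geo\Nation"',
    r'5678|RegQueryValueExW|key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run"',
    r'4321|SetThreadContext|pid=4321 tid=4330',  # same-process: not flagged
]

if __name__ == "__main__":
    for sig, pid, detail in scan(SAMPLE_TRACE):
        print(f"[{sig}] pid={pid} {detail}")
```

Run as-is it prints one hollowing finding for pid 1234 and one location lookup for pid 5678; the same-process SetThreadContext and the unrelated Run-key read stay silent, which is the point of keying on the cross-process chain rather than on the API name alone.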