General
-
Target
5288674c2d9557bd89a0aab4869f1f60.bin
-
Size
1.6MB
-
Sample
230406-bs993aaf33
-
MD5
14580606fd4e8f2f77741489fc58ca7d
-
SHA1
1bd29db8597370f9a76b1333a948e2755a40b059
-
SHA256
e3814558f69d354860dd073731bf1b4a475937bf663a6c784959d604232e8a88
-
SHA512
e04ec5d815fa4b2343635c1e41fadc0d3eb3e5201e600a4a546ea2863525475d862f719de5841332d3dddb3f4d2fb1680972241bead5931dba1b45e2f2f5f555
-
SSDEEP
24576:wYdFoC2rOjVW1QTB+wN1maSMvUbqqRs8Lfc6opDS6r4qKx480CXxB6qBSsUKUI1A:wYdFozX1YJN1m2qtIdDhvUP0E1Ss5UIq
Static task
static1
Behavioral task
behavioral1
Sample
c9bdb8c092e5af89aacb7feae545fa43da02c84f6ac74a3a60cef3f9076c0ca4.exe
Resource
win7-20230220-en
Malware Config
Extracted
formbook
4.1
ar73
classgorilla.com
b6817.com
1wwuwa.top
dgslimited.africa
deepwaterships.com
hkshshoptw.shop
hurricanevalleyatvjamboree.com
ckpconsulting.com
laojiangmath.com
authenticityhacking.com
family-doctor-53205.com
investinstgeorgeut.com
lithoearthsolution.africa
quickhealcareltd.co.uk
delightkgrillw.top
freezeclosettoilet.com
coo1star.com
gemgamut.com
enrichednetworksolutions.com
betterbeeclean.com
kbmstr.com
colorusainc.com
five-dollar-meals.com
baozhuang8.com
la-home-service.com
innovantexclusive.com
chateaudevillars.co.uk
echadholisticbar.com
naijacarprices.africa
4652.voto
kraftheonz.com
ingrambaby.com
braeunungsoel.ch
sweetcariadgifts.co.uk
kui693.com
akatov-top.ru
epollresearch.online
cupandsaucybooks.com
arredobagno.club
gt.sale
dskincare.com
cursosemcasa.site
leaf-spa.net
deathbeforedeceit.com
azvvs.com
laptops-39165.com
ccwt.vip
011965.com
mtevz.online
jacksontcpassettlement.com
aldeajerusalen.com
kellnovaglobalfood.info
alphametatek.online
lcssthh.com
dumelogold9ja.africa
d-storic.com
mogi.africa
ghostt.net
aksharsigns.online
goglucofort.com
b708.com
controlplus.systems
lightandstory.info
invstcai.sbs
2348x.com
Targets
-
-
Target
c9bdb8c092e5af89aacb7feae545fa43da02c84f6ac74a3a60cef3f9076c0ca4.exe
-
Size
5.0MB
-
MD5
5288674c2d9557bd89a0aab4869f1f60
-
SHA1
687b6337728a7e4fa646bfd1b0ddce84bcedf23d
-
SHA256
c9bdb8c092e5af89aacb7feae545fa43da02c84f6ac74a3a60cef3f9076c0ca4
-
SHA512
5305880363570bd0da5ae95fca7b54dfd70e4cb1a090c72a46420d4ce76bdb6b1b56753ef36a57d26cc06012d3028fbbb11c9afa0c6e33ec59b84caf27ad3eff
-
SSDEEP
49152:RsOS3uqy5zwcdnOJgYGT0f7fVGyfxHN5ixWRAhMGOuhSTDMj:0ebweOJF7Q
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-