General
-
Target
93a9ea827dd8635158be7b107a40feeb50a52566698915f0c499a5f50c157200
-
Size
718KB
-
Sample
230612-3kjwpaeb74
-
MD5
bfcc7c29b09747aaf19d959f3a2840ee
-
SHA1
0e8ba089874b1712f080c762e98b9cb6e3a4b1dd
-
SHA256
93a9ea827dd8635158be7b107a40feeb50a52566698915f0c499a5f50c157200
-
SHA512
a80147bac912e7bca77b03ce6234ca0debcfda6cd672762c0fc96683d3c9b0b8229097052e3cbd8fffbdacba728b5f97a01fe08317cad5c7bcdc1f10c09cf603
-
SSDEEP
12288:CvV+s1bSQT6tjjdB4SE4uryvTAed4aI6Qt2Pli/LwNEMz8X5HlKtxp5udJF5VOz:CtMLuwTAeeaI6A/LuAXaIJPVO
Static task
static1
Behavioral task
behavioral1
Sample
93a9ea827dd8635158be7b107a40feeb50a52566698915f0c499a5f50c157200.exe
Resource
win7-20230220-en
Malware Config
Extracted
formbook
4.1
m82
jamesdevereux.com
artificialturfminneapolis.com
hongmeiyan.com
lojaderoupasbr.com
yit.africa
austinrelocationexpert.com
saiva.page
exitsategy.com
chochonux.com
klosterbraeu-unterliezheim.com
byseymanur.com
sblwarwickshire.co.uk
brazimaid.com
ciogame.com
bronzesailing.com
dwkapl.xyz
022dyd.com
compassandpathwriting.com
alphabet1x.com
selfcleaninghairbrush.co.uk
power-bank.co.uk
kickskaart.com
baumanbilliardsnv.com
bestcp.net
doghospitalnearme.com
mixano.africa
helarybaber.online
illubio.com
ciutas.com
ldpr33.ru
killtheblacks.com
cassino-portugal.com
danhaii.com
gvtowingservice.com
let-travel.africa
dental-implants-67128.com
facetaxi.xyz
ctjh9u8e.vip
kyosaiohruri.com
executivepresencetrainer.com
greatharmony.africa
feelingsarereal.com
devopsuday.club
happiestminds-udemy.com
fittingstands.com
happyhousegarment.com
24daysofheaven.com
herhustlenation.com
xn--oy2b27nt6b.net
hothotcogixem.online
hausmeisterservice-berlin.net
hjddbb.com
stoutfamilychiro.com
bookishthoughtsbychristy.com
gibellinaheartquake.com
8cf1utrb6.xyz
patrick-daggitt.com
ebcbank.net
angel909reviews.com
arcteryxsouthafricaonline.com
cutematvhy.com
art2z.com
bulkforeverstamps.com
heatbling.com
despachocontablequinsa.com
Targets
-
-
Target
93a9ea827dd8635158be7b107a40feeb50a52566698915f0c499a5f50c157200
-
Size
718KB
-
MD5
bfcc7c29b09747aaf19d959f3a2840ee
-
SHA1
0e8ba089874b1712f080c762e98b9cb6e3a4b1dd
-
SHA256
93a9ea827dd8635158be7b107a40feeb50a52566698915f0c499a5f50c157200
-
SHA512
a80147bac912e7bca77b03ce6234ca0debcfda6cd672762c0fc96683d3c9b0b8229097052e3cbd8fffbdacba728b5f97a01fe08317cad5c7bcdc1f10c09cf603
-
SSDEEP
12288:CvV+s1bSQT6tjjdB4SE4uryvTAed4aI6Qt2Pli/LwNEMz8X5HlKtxp5udJF5VOz:CtMLuwTAeeaI6A/LuAXaIJPVO
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-