General
-
Target
9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351.exe
-
Size
537KB
-
Sample
231127-vhnsvsad5z
-
MD5
eddb45e0917911908d24f104fcf134dd
-
SHA1
09c5c74cdb780570b97d953b6c64aa519eb352be
-
SHA256
9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351
-
SHA512
f261a60e021e092eb008f2b53ac57e054adc48ad933aebdc36cce2e3f10a005ba42c5b1a1b6031da7d75ce95415f14434f8e32f37f593b6dac796ba13166e2c4
-
SSDEEP
12288:1y8o94Kms3Y4K/O0nCQJ47/znWk/eFecVPuLWnVerFVCKEH:1FCiALixnd2jW+ykVpV1e
Static task
static1
Behavioral task
behavioral1
Sample
9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351.exe
Resource
win7-20231023-en
Malware Config
Extracted
formbook
4.1
gy14
Targets
-
-
Target
9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351.exe
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-