General

Target: e64a5a0e34ecb51c2c40cb84016354e096b7c5bc34f5a841d685e94844644ad6.xz
Size: 552KB
Sample: 240213-ghlfvagg9v
MD5: c48f37f0177729809b87e75064b0045b
SHA1: 64a8c6600c6ecc7c417f399fba404722184fe475
SHA256: e64a5a0e34ecb51c2c40cb84016354e096b7c5bc34f5a841d685e94844644ad6
SHA512: 1dc3d778042d00a46355865e8bda8e0293e9133c23a8993e9196e6b438cf06e6bee00c317029c799f85fa1cc0ed4e1627bba18bdf6884faab1b5817c7a4f8746
SSDEEP: 12288:ljoq0EQMmDKYlMfkrPtBIGKw3f+92geREVJFbrUb6Ttes7xTrLXMCKf:h8M4KYycrPruo+NeILBZp7xvLXpQ
Static task: static1
Behavioral task: behavioral1
Sample: e64a5a0e34ecb51c2c40cb84016354e096b7c5bc34f5a841d685e94844644ad6.exe
Resource: win7-20231215-en
Malware Config

Extracted: formbook, version 4.1, kmge
Targets

Target: e64a5a0e34ecb51c2c40cb84016354e096b7c5bc34f5a841d685e94844644ad6
Size: 814KB
MD5: 8fc83cdc44075773ee401f010d2443b0
SHA1: 96cd91bb463dcb0f7b56e94bf2cb15d7dc8f63b6
SHA256: 220977b28fc847b8a2d7c65d3d19a3859e3e62dc5e19edaf4909965516a91694
SHA512: 12a5cf0ee3c995faf09f821e4f4db1bf4f50c5ead57e72bf6e518b38c4d14a020724698e0930ea515ddeb810464ab9c9a616e3c8cd0a7e82ce64ab58a614f597
SSDEEP: 12288:mj6mRlmDKClMfkrPEBuGKw3f+s2geR3VJ6wGllh5VelrQTydKp:m2a4KCycrPQIo+aePgDalrQTl
- Formbook payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext