General
Target: Shipment-Receipt-4747474747747-DHL-EXPRESS.vbs
Size: 157KB
Sample: 240322-h8elnaca3x
MD5: 37c7348eb9bdef26b5f45e9e12ff0ddf
SHA1: 29e03db1f1c294254fa5af2b162229d37e887aed
SHA256: 1337e58c0897622ba8376e5fd758a69392c8a49575777eb345d39a4ac7d1348e
SHA512: d986a4c1a345a08aba50cb36cb232b8a2b91060206409cf269d21905c551e1c6fae8936e67d1daf709c676285ff945b718211512eb93ad348156c2e7f4eee9ee
SSDEEP: 3072:OarAcD0SZh/awGqU42RvG+q4xgc3RR+vsZbqXRF1kEcVwJbkd+xCQqV4TgJaSH:P7D0Sn/s42Rvrq4xgc3RR+vYbqXRFtcz
Static task: static1
Behavioral task: behavioral1
Sample: Shipment-Receipt-4747474747747-DHL-EXPRESS.vbs
Resource: win7-20240220-en
Malware Config
Extracted
formbook
4.1
fe15
ivynet.online
luckypermaisuri4d.monster
airoma.top
kp2d.xyz
oliviarosebridal.com
cartelcollectionz.com
qereport.com
radyomdeniz.com
nakedsonproductions.com
hanamasa.xyz
demontimemail.com
shannoncarpenterrealtor.online
jlzjunkremoval.com
key-talent-solutions.com
jaydanne.com
dmstgy.site
rings-32342.bond
gpoixev.online
orabox.shop
carrothong.space
opip5qg6mgyo.cc
spwiy.com
kkuulo.shop
mugsla.com
bookstoreand.store
veganromantics.com
krystian.wtf
expressplumbingsolution.xyz
peopleclick.xyz
senior-living-10303.bond
mateosmessage.com
ketorushacv.net
charger-life.com
massfact.shop
9841226.com
5819995.com
suzakga.com
shimmys.co
jbsquaredsolutions.com
a101onlinel.com
luminousfinds.com
mialeproduction.com
va-jobs-nz.today
wordsofwisdom.online
damaloja.com
leadingcentre.com
confluence-collective.com
forex-market.trade
mlcandlecreations.com
drawyourprojects.com
shania-whiteman.site
seesparkedconnections.xyz
matrimonioinquota.com
iriscastilloportfolio.com
abursalvage.com
zaltaire.com
acunamatatavacations.us
dandylionorganics.com
mbs303jp.buzz
glamandminks.com
leplap.cam
delosite.com
againstoddscoding.com
smileyshop.website
com-smdi-al-frsat.shop
Targets
Target: Shipment-Receipt-4747474747747-DHL-EXPRESS.vbs
Size: 157KB
MD5: 37c7348eb9bdef26b5f45e9e12ff0ddf
SHA1: 29e03db1f1c294254fa5af2b162229d37e887aed
SHA256: 1337e58c0897622ba8376e5fd758a69392c8a49575777eb345d39a4ac7d1348e
SHA512: d986a4c1a345a08aba50cb36cb232b8a2b91060206409cf269d21905c551e1c6fae8936e67d1daf709c676285ff945b718211512eb93ad348156c2e7f4eee9ee
SSDEEP: 3072:OarAcD0SZh/awGqU42RvG+q4xgc3RR+vsZbqXRF1kEcVwJbkd+xCQqV4TgJaSH:P7D0Sn/s42Rvrq4xgc3RR+vYbqXRFtcz
- Formbook payload
- Adds policy Run key to start application
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext