General
-
Target
LF20240228.exe
-
Size
652KB
-
Sample
240326-p1sa4sde2w
-
MD5
26a38af05a6bdd23f047eb65fee67251
-
SHA1
61633e621f7d7cdcca5936b27a18cfe7e5169aae
-
SHA256
3bd968f2cff76757eb1bf75e19e8302ef97417c65ce9c0accf578eafae435c6a
-
SHA512
7d852f05e4377b77691c3c7517609b6bd12c96d0c5dfe0bb330974ff891731529c12da9a7d52ea0f4e526fd35ce35237bfe40d2099afc12f59e58f95157e16b9
-
SSDEEP
12288:JCTYHa5WHBh2Izs6vHhIlvyuq7it546mz2p9:QTYNHU6vHKlvU7ij46mKp
Static task
static1
Behavioral task
behavioral1
Sample
LF20240228.exe
Resource
win7-20240319-en
Malware Config
Extracted
formbook
4.1
hy07
katemclaughl.in
worthyofficial.com
digitopia.click
ledmee.com
siwaasnz.life
ba-y.com
specifiedbuild.com
abandoned-houses-pt-0.bond
yesxoit.xyz
onlinemehrgeld.com
gosysamergoods.com
speakdontell.com
brokenequipmentsolutions.online
gruppofebi.cloud
adilosk.shop
supplierpartnerportal.com
wizov.dev
fast-homeinsurance.com
j88.vote
onamaevn.com
smartbatteryshunt.com
alivo-solutions-inc.net
qdcn16qy.shop
enmawholesale.com
experiencemedia.xyz
shoeloyalty.com
wylderosehealingarts.com
m-1263bets10.com
blanks.page
postcase.site
guangxiav.com
vitlrecruiting.info
go-re.one
rutie.net
donielss.com
hitwin.world
poshplaybliss.com
used-cars-25479.bond
riadanil.com
evrenfayans.xyz
cleopatraselixirs.com
beyondcarbon.xyz
pornimmersion.site
f8serial.site
theoriginals.farm
pvindustriesbv.com
santofantasy.shop
gosignkochava.com
akabox.net
valentinesteddyshop.com
closedealsin90days.com
goodsharbor.com
cbdmarkettrends.com
theartsincarter.com
massivedgeagency.website
totthoit.com
o0qqj7jm.shop
morningcallcoffeestandnola.com
51236.loan
omniahorizon.shop
hellasicks.com
soundbiscuitmusic.net
racerace2024.com
9yywk4.site
de-cosmeticenhancement.today
Targets
-
-
Target
LF20240228.exe
-
Size
652KB
-
MD5
26a38af05a6bdd23f047eb65fee67251
-
SHA1
61633e621f7d7cdcca5936b27a18cfe7e5169aae
-
SHA256
3bd968f2cff76757eb1bf75e19e8302ef97417c65ce9c0accf578eafae435c6a
-
SHA512
7d852f05e4377b77691c3c7517609b6bd12c96d0c5dfe0bb330974ff891731529c12da9a7d52ea0f4e526fd35ce35237bfe40d2099afc12f59e58f95157e16b9
-
SSDEEP
12288:JCTYHa5WHBh2Izs6vHhIlvyuq7it546mz2p9:QTYNHU6vHKlvU7ij46mKp
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-