General
Target: 83741a566ed8044f4692b4070986ecb9.bin
Size: 6KB
Sample: 240327-de939aeb6t
MD5: a1804a84b6936d0bf9803802f69dd61d
SHA1: 2b251b805852dda35867ab076acef14e579a82c2
SHA256: 5e19b45849b0d53d8055f74f922811f3b158f599d303f8308caa87ecc178edc0
SHA512: 6b88e9b7f3f184de4ab5975fa246ae3c006eb115d207d703f82447d3a71d5d76efc0da4246633d0f158c6fba3e3d68b66539143601a03a0692f2fba6384cac20
SSDEEP: 192:WgYcT6p7ayswosKBA+Z/2p9pu9TrtsEzebN:WNMnwoy99puRrebN
Static task: static1
Behavioral task: behavioral1
Sample: aeff431cde6f10580b664967efe9793aa19130934b0e9f9d01d152e028fa3f2a.vbs
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: aeff431cde6f10580b664967efe9793aa19130934b0e9f9d01d152e028fa3f2a.vbs
Resource: win10v2004-20240319-en
Malware Config
Extracted: formbook
Version: 4.1
Campaign: tt15
Targets
Target: aeff431cde6f10580b664967efe9793aa19130934b0e9f9d01d152e028fa3f2a.vbs
Size: 10KB
MD5: 83741a566ed8044f4692b4070986ecb9
SHA1: 921fa0b4bbe043a6a2a9b972bceab1088acda6f5
SHA256: aeff431cde6f10580b664967efe9793aa19130934b0e9f9d01d152e028fa3f2a
SHA512: a4449f4ec76b25d0a8802afb93791c4522b1fcd14401349172d57ca93817a249b6fa8df2119b76ea3f76a9826592e54de17f0012b9d24d3fcc07bce7fa37bbde
SSDEEP: 192:2M+7O579hFNNFU4wlr4ZRR/038AVVtkfLda+V9+ZMoce5QmDRs4ngSN+:2M+7O57dFU4wlr4r038AVQfL4+SZt13w
- Formbook payload
- Adds policy Run key to start application
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext