General
-
Target
c77b45b902fb66b1bda25f0c9f32c152.bin
-
Size
608KB
-
Sample
240327-eth4rafe4y
-
MD5
73d5010ec747cb75d2792de09dfd5b10
-
SHA1
098b39fac2e0b182403d1e42c75294822da5f96d
-
SHA256
701fa689d6a4a6ae409e5e1cc427e1a46707090dea6a3efc446c72dcb42637d6
-
SHA512
0cf60e5e888b81e66cddce33ed482c33a7ab89b9408b0c7271189196e8844e3e94f9e6dc9ce96f82913de49c237694d4111f566ec2bccb94e6c61108c84db6c3
-
SSDEEP
12288:R3bfmPcXCHTr+/uMBNo/2EEgjK4dyAKI3GS+/7TEy0aBM0gB:Ff5XCzr0BNoLNK4hP+/FjgB
Static task
static1
Behavioral task
behavioral1
Sample
d56e9061e7f6df6e094d1582d817c381f8ce9ac6c3925cba5da96464487a18b7.exe
Resource
win7-20240215-en
Malware Config
Extracted
formbook
4.1
hy07
katemclaughl.in
worthyofficial.com
digitopia.click
ledmee.com
siwaasnz.life
ba-y.com
specifiedbuild.com
abandoned-houses-pt-0.bond
yesxoit.xyz
onlinemehrgeld.com
gosysamergoods.com
speakdontell.com
brokenequipmentsolutions.online
gruppofebi.cloud
adilosk.shop
supplierpartnerportal.com
wizov.dev
fast-homeinsurance.com
j88.vote
onamaevn.com
smartbatteryshunt.com
alivo-solutions-inc.net
qdcn16qy.shop
enmawholesale.com
experiencemedia.xyz
shoeloyalty.com
wylderosehealingarts.com
m-1263bets10.com
blanks.page
postcase.site
guangxiav.com
vitlrecruiting.info
go-re.one
rutie.net
donielss.com
hitwin.world
poshplaybliss.com
used-cars-25479.bond
riadanil.com
evrenfayans.xyz
cleopatraselixirs.com
beyondcarbon.xyz
pornimmersion.site
f8serial.site
theoriginals.farm
pvindustriesbv.com
santofantasy.shop
gosignkochava.com
akabox.net
valentinesteddyshop.com
closedealsin90days.com
goodsharbor.com
cbdmarkettrends.com
theartsincarter.com
massivedgeagency.website
totthoit.com
o0qqj7jm.shop
morningcallcoffeestandnola.com
51236.loan
omniahorizon.shop
hellasicks.com
soundbiscuitmusic.net
racerace2024.com
9yywk4.site
de-cosmeticenhancement.today
Targets
-
-
Target
d56e9061e7f6df6e094d1582d817c381f8ce9ac6c3925cba5da96464487a18b7.exe
-
Size
654KB
-
MD5
c77b45b902fb66b1bda25f0c9f32c152
-
SHA1
e17705713ede18731797bbfd7b5eb31a7ca52477
-
SHA256
d56e9061e7f6df6e094d1582d817c381f8ce9ac6c3925cba5da96464487a18b7
-
SHA512
61af84f112b704230a8f07ead38678e2e3052f55a86e8e7c8b480be2a0da03546801d03d328e663a6ba284ded71bba22bac3caf8365848b2e3e8abf8dfb2d348
-
SSDEEP
12288:Td4CMwtBBGV/8nu3JKhuL3RlcYgbXvApn76bUtaj6b0jZEgVzvF7B5P9ylA:FBJu3FLBlcYEXvApn76bJ3tEAzvNDP4
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-