General
Target: ed70aaa765d3f4e890b381829f6ab14eef928f6fc9bc6207f83dec6695525924.exe
Size: 619KB
Sample: 240328-c7t23add3w
MD5: 996f511df3eb434b0c8c8bb2f5ffac86
SHA1: 61c47ca95118845ed58d0a95861534b2c697e073
SHA256: ed70aaa765d3f4e890b381829f6ab14eef928f6fc9bc6207f83dec6695525924
SHA512: 443152150b99c31c82ef2d74e6a9bbba4b970c4863ed4527b6df299f622705c72a72d0e34f1698227cd463ed77d66322d284f8e650451dc020d2d62b69e04d13
SSDEEP: 12288:WG2iNlw0Tpi/K61Zp5TIoc2uEj+5Qf+rdu7BrYb0kg4taHk9KnQbJUNkR:h1XLodbpOoci2Q+rdUrYQjHkcQbZ
Static task
static1
Behavioral task
behavioral1
Sample
ed70aaa765d3f4e890b381829f6ab14eef928f6fc9bc6207f83dec6695525924.exe
Resource
win7-20240221-en
Malware Config
Extracted
formbook
4.1
dd20
Targets
Detects executables packed with SmartAssembly
Formbook payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext