General
- Target: SecuriteInfo.com.Win32.PWSX-gen.21551.10154.exe
- Size: 629KB
- Sample: 240328-ex5rxseb7x
- MD5: eebb33a5375ffd40682c86deea752033
- SHA1: 8ed7b849ba2829a164ee569995f2d4d8a8d90924
- SHA256: 8859d68e69b5464a0100ca99aed26dec828ae92287ce09ce984db073c66e8e4e
- SHA512: 77b5fb3046040512a93e4e7069a5e4ded1362c2913b928232d00be416f93619c21e5a3aef20516336eb81e7c4067f88ae67caeada31ddda7480b0a5e3fcf5fe5
- SSDEEP: 12288:DK0YOwqVT+BnEymdHekIrOuPhKPrbgAoOxCzSb0c6gb/wM4IKkR:DqO7VDVdDIrOusrbZoGWy0c9wM4IJ
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.PWSX-gen.21551.10154.exe
- Resource: win7-20240221-en
Malware Config
Extracted
formbook
4.1
dz25
sdw123.com
theflower-jeju.com
bigbargins.shop
xn--grsdetetizao-dcb9c.site
visionprobiz.com
ebruunalsigorta.xyz
51tree.net
tommeynadier.com
spx21.com
researchupdatehub.com
rserveohio.com
schemaconsultant.com
ec-peleti.com
songkokgelhq.shop
sixfigureswithkarah.net
quickfinancebrokerage.com
alliance-couverture.com
heartlandinnovates.com
art-friday.online
curi-o-rama.com
tlfpros.xyz
pusatjudionline1a.com
exitmusic.xyz
jegrapo.com
paintk.com
hyperbaricredlight.net
residencialvilaflora.com
learnorama.in
xpjs194.cc
szjfly.com
ucelmobilya.net
idealsconsulting.com
baku.technology
wijaya88e.xyz
marketpaysolutions.com
kuristusjuntta.com
marchlightfilms.com
memento5.com
tigus.us
escarlatalabs.com
emsonsupport.com
t3ht6g3.pw
goldprocleaning.com
verifycerts.net
nltwfkdt.info
ohmioz.com
qticompanny.com
thirteencat.com
eliteedgeresources.com
alsalmisteel.com
dfxzwd.xyz
daigaku-debut.info
aquamunitions.com
68296dd.com
asas886.com
boutiquecelestiala.com
tsg-egypt.com
cgdm.shop
bizzyprofitness.com
sayhellotonails.com
umeboshisan.tech
elnuevonuevoleon.com
glenpa.net
tbj.one
venusbackend.live
Targets
- Target: SecuriteInfo.com.Win32.PWSX-gen.21551.10154.exe
- Formbook payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext