General
-
Target
MT103 Payment.vbs
-
Size
197KB
-
Sample
240411-jcyv4aeg22
-
MD5
51a98cebc5b27026d4e22b92b41aa281
-
SHA1
9343365dcb890e0a0f038154a96d3864c54dd814
-
SHA256
ebdc7ba940943208d7a0b8398423ca10c4c6e049de62c54a7316a15e0b5974b6
-
SHA512
274f99a3281f4abe32994fd03858f87623e1a72562357b31e3ff48e9406c53020810d5be704fac4ab61ae3954339146370c129a5ce0cff02e3e10c7c36b55861
-
SSDEEP
1536:L01xea22UAt5M2xCvoenR/ybVDMGOvZo5PGwzB3hzBgjzB3hzBPhg5DpXZjJPHGV:LcfUAzMI6oeDd9PWxNj53e
Static task
static1
Behavioral task
behavioral1
Sample
MT103 Payment.vbs
Resource
win7-20240220-en
Malware Config
Extracted
formbook
4.1
m07a
Targets
-
-
Target
MT103 Payment.vbs
-
Formbook payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-