General
Target: 381b35e5af5a4a41ab1e972a8d1fe85fd3c2a4fd9cc7131a48e85dc6663d8106
Size: 581KB
Sample: 240417-rswpnsbh77
MD5: f1b3e7f1f60a664122bdc7b75c7535a7
SHA1: 7c9a3dea64562a6f8534aa454064cd9c3a54310e
SHA256: 381b35e5af5a4a41ab1e972a8d1fe85fd3c2a4fd9cc7131a48e85dc6663d8106
SHA512: 8348404433ca3f2e946b44bf1f025fe2bae219bedd4426140de22a89de7e512fa3b0785503e735a9dcdbd18f0cbd2b90377f1a54f125195cbd723cf98c3a5e8c
SSDEEP: 12288:1M3zrmglU8L6W3EC1mGUIadvSHxdfy7eQwKdEZUS8w0pzGH5:1MPmgi8t4bd6Hxl4wKdEaSr0pzW5
Static task: static1
Behavioral task: behavioral1
Sample: 7d08e32acf3a9ce5b471219b20d8c8c9bbe4fc03601f41b36291afdec86f39ce.exe
Resource: win7-20240221-en
Malware Config
Extracted
formbook
4.1
pz08
deespresence.com
fanyablack.com
papermoonnursery.com
sunriseclohting.store
jenstandsforarkansas.com
lkhtalentconsulting.com
baerana.com
hyperphit.com
davidianbrant.com
itkagear.com
web-findmy.site
liveforwardventures.com
skyenglearn.online
studio-sticky.store
yassa-hany.online
tacoshack479.com
bigtexture.xyz
erxkula.shop
go-bloggers.com
qwdlwys.site
taylorpritchett.com
yobo-by.com
trendsdrop.com
boostyourselftoday.com
taxibactrungnam.com
sgzycp.net
anti-theft-device-82641.bond
ytytyt016.xyz
loveyourhome.style
ithinkmoney.com
bertric.info
permanentday.space
kxn.ink
onlythumbs.online
techrihno.com
washing-machine-46612.bond
phdop.xyz
nordens-media.com
gourmetfoodfactory.com
ketoalycetiworks.buzz
amplilim.site
usetruerreview.com
inprime.xyz
aloyoga-uae.com
quickfibrokers.com
primadesignerhomes.com
greatlifehacks.online
thewipglobal.com
tobegoodlife.net
hotelfincamalvasia.com
trevts.com
ae-skinlab.com
grammarhome.com
cld005.com
first-solution.online
keylabcerrajeria.com
besttravelsgate.com
friskiwear.com
hedrickmanufactory.com
pinewell.world
5819995.com
c2help.live
kai3.center
plantasdasminas.com
rdlva.com
Targets
Target: 7d08e32acf3a9ce5b471219b20d8c8c9bbe4fc03601f41b36291afdec86f39ce.exe
Size: 610KB
MD5: 180b88380b53eb6b0076ec80fa7b2528
SHA1: 9e3e6fa26b9321b47b0bd4c848aa84596629555b
SHA256: 7d08e32acf3a9ce5b471219b20d8c8c9bbe4fc03601f41b36291afdec86f39ce
SHA512: fdeda60d179dc1fd6b24b8acde0dfc224d6c324f24c55952c89eab43c8cef353b46964bec6cd5266223155c431a7ff1273023827341c476cec45d5fdffbdbbb2
SSDEEP: 12288:jxEd6WXvOWEp/thwJ8P9LhlI/tm1qFFdXvr6k:jxc4p//w+PVhl8uqLdD6
Formbook payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext