General
-
Target
Invoice copy.pdf.exe
-
Size
608KB
-
Sample
240418-hkf5ksdh52
-
MD5
49e038fcffc683c025060ca5610e0ad3
-
SHA1
20007286f125b0f2dbd097000c1c3cd014372d1e
-
SHA256
37fd7b8035bd49b8dfad405a793428dda8cbf623de0133818756d05a1191d8b7
-
SHA512
18656778b3924b0eb02547d32bbf8949cda4b7734b2c94f95a1117f75bdc526d58bdec344bcfeff94ba14cfbe6bd2fa919288eecccb0d1d62d0b54a16384926f
-
SSDEEP
12288:7WkV9mUBhIooC3jjSc6bun4f8vNN3JRSA/DGzf9JEMWI:7WkV9mGuqzjSc6bkzN5RL/Ub9
Static task
static1
Behavioral task
behavioral1
Sample
Invoice copy.pdf.exe
Resource
win7-20240221-en
Malware Config
Extracted
formbook
4.1
fs83
blastol.space
tomwalkerisfalco.com
us-sumatrraslimbellytonic.com
drywallandpaintingservice.com
vntapp.net
passportpages.site
at-mim.com
yeondagoods.com
teomanyildirim.com
paygame.site
senze.art
alhandco.com
9831bsej.xyz
traumatic.xyz
sos-soutien.com
thetechnolgy.live
washing-machine-46612.bond
marvsneakers.com
shequbaike.net
xc4f35fg4h35fg4h53.top
587659.com
mydiamondsea.com
purifyelements.com
key-royalty.com
aimuzil.fun
ykautomotives.com
naelm.xyz
memejseventhall.com
opensource.beer
whiskersfood.com
piedrajuansebastian.net
q3cts.baby
wdfa.xyz
marketfield.shop
id91920.com
22yorkwood.com
sogracefully.net
nodoubt2025tour.com
042024b.vip
fmegsw.com
zsqd4i.com
clashfitness.com
matrixtech.biz
ketoxiamejaworks.buzz
ariostech.com
cardingforum.co
comicdesk.xyz
johnsonforchair.com
mpower-recruitment.com
essenceemporium.us
die-mosaik.schule
saturnp.com
tophotoffers.com
rosamorflorerialima.com
askhelpsecur.us
lifestyledbymodigital.com
clintforcouncil2021.com
king1122.com
veterinariaconvet.com.co
jackandthebox.net
donderbosgames.com
wszy.site
off7979.com
justklip.com
buywestlakevillagehomes.com
Targets
-
-
Target
Invoice copy.pdf.exe
-
Size
608KB
-
MD5
49e038fcffc683c025060ca5610e0ad3
-
SHA1
20007286f125b0f2dbd097000c1c3cd014372d1e
-
SHA256
37fd7b8035bd49b8dfad405a793428dda8cbf623de0133818756d05a1191d8b7
-
SHA512
18656778b3924b0eb02547d32bbf8949cda4b7734b2c94f95a1117f75bdc526d58bdec344bcfeff94ba14cfbe6bd2fa919288eecccb0d1d62d0b54a16384926f
-
SSDEEP
12288:7WkV9mUBhIooC3jjSc6bun4f8vNN3JRSA/DGzf9JEMWI:7WkV9mGuqzjSc6bkzN5RL/Ub9
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-