General
-
Target
Signed Proforma Invoice 3645479_pdf.vbs
-
Size
112KB
-
Sample
240418-xr3pgsdd3t
-
MD5
9e049f3029a5a6df1ab5d77d1a934ce3
-
SHA1
a31e0f94e0ee4dba78bc8adc291e1035d48561bd
-
SHA256
0831fee0915f056e6ca78e9a83a2fe75260a197c0d64e7a200ab8ebfc3479536
-
SHA512
de4fc68e686362318b5a77308a5b69fb43745b288f4043baf5929a12ea1d4b33fd9336472a13c010808c5feb75f519f2e5c3244374d9777f32d9f06d69abd4b7
-
SSDEEP
1536:Hxhb3QosU1lBHFcJUJI+YZb5bJ9Gmgz/+rtfRDFqGb5uJZUU0tKl9CP8Z:HjQNU1DHFUGmgURDFBe0tKl9CP4
Static task
static1
Behavioral task
behavioral1
Sample
Signed Proforma Invoice 3645479_pdf.vbs
Resource
win7-20240221-en
Malware Config
Extracted
formbook
4.1
m07a
Targets
-
-
Formbook payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-