General
Target: 240f134e5318c9efc8f4edb219a9b16f.bin
Size: 514KB
Sample: 240508-dg4n9afc4v
MD5: 39343e0d8196e8d145083f601f837a4f
SHA1: eb7bb4bf56aedeb8bb81ecd23281884079bd661e
SHA256: 5351cb6ffb66980a5394108f573c922f97dea26f1572d1bff864d979df88b264
SHA512: aba399e72f50349b6a34b9dc9c82a6701d890a36d6c03555236536ba51296b80a858dff079f1cb1176fc192f625b69edef9a724216d1c82a0f72b130edf3cfb1
SSDEEP: 12288:uAP2hgyzQf8eg8KAH7V6HZUfXzH43vGOxfOai0yUvW31i2p1G:/2hJ5fAiUz43eOlTiUMikY
Static task: static1
Behavioral task: behavioral1
Sample: 9dad6e1350810eaee247d225c134a39441f286907c861fd6c825656cc9224613.exe
Resource: win7-20240221-en
Malware Config
Extracted: formbook, version 4.1, campaign ij84
Targets
Target: 9dad6e1350810eaee247d225c134a39441f286907c861fd6c825656cc9224613.exe
Size: 816KB
MD5: 240f134e5318c9efc8f4edb219a9b16f
SHA1: 7150a57a5817c1602524fc2b3b8dfc2910b77148
SHA256: 9dad6e1350810eaee247d225c134a39441f286907c861fd6c825656cc9224613
SHA512: 704090e6007ae618f397d86ec1c7ffd8b2152cb2dfcbe6813a4d04963f07805ff7fd7f3ae4bdf99477f0791c31ede7609f59265a803893c7c89f07b62841f581
SSDEEP: 12288:JYuePwisfcgWf/j5VtK+CVINMX9yKBg7vj1UJ:2uIydk/jPoi+9yKe/1U
- Formbook payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext