General
-
Target
payment-order90094983.exe
-
Size
894KB
-
Sample
240508-jd5p2ahe2v
-
MD5
bad0cd306914d3086f8f4ebb225efa9d
-
SHA1
b4743c8801561f5918cc2cb7dabe9cf85f4eb0ec
-
SHA256
1d7754c8cc8eb7df3bd429fe9806b85f7f6fbd768ff59948a1772eace6dec77c
-
SHA512
35609b310a174d4ac3dc3cee729709b200186b37d2d0fa081391c1a5d0b964a6ece43cf739f4ddd2511ec41bf1ba83b7c69906914cc3dd4c904f1291c16e2e01
-
SSDEEP
12288:RfDCdicl4IfmVIhQbZgU1Hp40gSqHx5NBsZp9XLDvCRzCwv4xvzc2PgMlv87y4v0:RciUhNhE2694zCsEvzvPgCCy4af
Static task
static1
Behavioral task
behavioral1
Sample
payment-order90094983.exe
Resource
win7-20240215-en
Malware Config
Extracted
formbook
4.1
hd05
businessjp6-51399.info
countyyoungpest.com
taxilasamericas.com
stairs.parts
nrgsolutions.us
cbdgirl.guru
dropshunter.net
adorabubble.co.za
alcohomeexteriors.com
aquariusbusiness.info
zaginione.com
pintoresmajadahonda.com
fursace.club
musiletras.co
carpoboutiquehotel.com
redacted.investments
symplywell.me
lezxop.xyz
stmbbill.com
1509068.cc
savdesign.online
gaiacoreresearch.com
pivoluvva-usa.com
kathrynmirabella.com
ziplnk.xyz
furanoikedanouen.com
regenesisvista.world
lorenzodavissr.com
friendlyemporium.com
7727.info
moledistillery.com
geturpdtaemza.com
sparkfirestarter.net
q3hjns.shop
thingsidonaked.com
attack.info
salihkaradag.com
vn6b6q.com
thierrydoublein.com
buddhasiddhartha.com
uniqueofferss.com
trexendofparadise.club
evans-gdaddy-test-domain.online
kgroundx.com
2us7o.us
damtherncooling.com
kakashi-hatake.shop
blogonrunning.com
lovepox.com
ramediatech.online
satwaspin.net
greenink.store
tuskerlogix.com
codyscalls.com
system.ngo
connect-talent.com
addck.top
teramilab.com
yuyuklmn123888yy.xyz
9orwr6.vip
nubeqa77.life
lmpalmour.com
sandeshkrantinews.in
find-buildings.com
vagabondtracks.com
Targets
-
-
Target
payment-order90094983.exe
-
Size
894KB
-
MD5
bad0cd306914d3086f8f4ebb225efa9d
-
SHA1
b4743c8801561f5918cc2cb7dabe9cf85f4eb0ec
-
SHA256
1d7754c8cc8eb7df3bd429fe9806b85f7f6fbd768ff59948a1772eace6dec77c
-
SHA512
35609b310a174d4ac3dc3cee729709b200186b37d2d0fa081391c1a5d0b964a6ece43cf739f4ddd2511ec41bf1ba83b7c69906914cc3dd4c904f1291c16e2e01
-
SSDEEP
12288:RfDCdicl4IfmVIhQbZgU1Hp40gSqHx5NBsZp9XLDvCRzCwv4xvzc2PgMlv87y4v0:RciUhNhE2694zCsEvzvPgCCy4af
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-