General
-
Target
93ffb46ce3a6d27b2cb64dbda30d1594d39c305d665bdc6665516be2a280a243
-
Size
781KB
-
Sample
240509-na5cbahb55
-
MD5
8ab0cc5984b1d23278cf872476364418
-
SHA1
c3df6bb8cc0c82b3a431a37fb51030ad94a41167
-
SHA256
93ffb46ce3a6d27b2cb64dbda30d1594d39c305d665bdc6665516be2a280a243
-
SHA512
19b4d48a6ba7166bf170f35526a7420a8d82778dd6685d962a3f181ff1e789174b5aa03a5744d3e07df22d4a05ce23ae8f802ba559c99b35abc548e5d205d8d0
-
SSDEEP
12288:vhMtGXYHbraO6Hop6GDrB2tC4bsPdV630L9DH4Vel:siYqtG6yrBwC00DYgl
Static task
static1
Behavioral task
behavioral1
Sample
93ffb46ce3a6d27b2cb64dbda30d1594d39c305d665bdc6665516be2a280a243.exe
Resource
win7-20240508-en
Malware Config
Extracted
formbook
4.1
jn17
hynasty.com
africacementreview.com
5280micropantry.com
qcyu2.us
jl777-web.com
hcwsports.com
update-number-au.com
ymymvip.top
postds.buzz
dogwifnobrim.com
usapubpong.com
shopscoopido.com
medical-equipment.company
onyagu.com
tldrparent.com
jvpeople.com
seangalbraithphotography.com
ptt-gov.art
mutcosmeticsec.com
metameme.online
mwintallation.com
luxury-collectables.com
4uprofreefavorite.lat
asopiti.com
egmrm.club
optimaenergy.cloud
zb1zq9.vip
landavacations.com
lilwef.site
smart-beds-15979.bond
vedicloud.com
floodedbasementcleanupnovimi.us
barakehlocal.com
music-europe.com
johnasian.com
jinhengbinguan.com
lkiu.xyz
cma-graphic.com
beatamin.club
ybqo.cc
salahtimeonline.com
lsdlj.com
hhhky.top
synfuturedefi.app
268120.com
mecpu.com
6bi0d.us
sjmsd.loan
green-vending-co.com
jgrlum.shop
gamedaemons.site
odysseyeurope.com
obet2359.com
manegociation.com
divainparfaumsnl.shop
colissimo-portail.com
mthfrgeneawareness.xyz
santeportailameli.info
davidonej.com
nyarapiyo.com
xn--lrxq61dxlf.top
in2glass.com
groda.art
mememeclothingshop.com
erocom.link
Targets
-
-
Target
93ffb46ce3a6d27b2cb64dbda30d1594d39c305d665bdc6665516be2a280a243
-
Size
781KB
-
MD5
8ab0cc5984b1d23278cf872476364418
-
SHA1
c3df6bb8cc0c82b3a431a37fb51030ad94a41167
-
SHA256
93ffb46ce3a6d27b2cb64dbda30d1594d39c305d665bdc6665516be2a280a243
-
SHA512
19b4d48a6ba7166bf170f35526a7420a8d82778dd6685d962a3f181ff1e789174b5aa03a5744d3e07df22d4a05ce23ae8f802ba559c99b35abc548e5d205d8d0
-
SSDEEP
12288:vhMtGXYHbraO6Hop6GDrB2tC4bsPdV630L9DH4Vel:siYqtG6yrBwC00DYgl
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-