General
Target: 36ea0fcb3de1dc5e44093421767b3d4ce59b7a04e2d800d663ae63c745e0c98b.zip
Size: 507KB
Sample: 240511-kfxymsbh25
MD5: 1ed979112a4dbdcd8493f612d656ed1f
SHA1: 046867a298a2425bf7d186e9d876d2316a7cecbf
SHA256: 36ea0fcb3de1dc5e44093421767b3d4ce59b7a04e2d800d663ae63c745e0c98b
SHA512: 1df21665c69f7b62fcfb6bc4f8dcdb370d7a33438c895a4ea99a2ff3f8b345eec12ca966df5e5801c9017024ec3ae4e631ba38712159eab22bca8e007bd6d771
SSDEEP: 6144:UyKMeQYD+lA9jGKocCU2u8Sof1Bu1oowhqnXr9EXGgmV8qSMikJseAmAzRaviWe:nKMeD6e4FcCTSoDW1AVmVLSMtAzAviWe
Static task: static1
Behavioral task: behavioral1
Sample: NEW ORDER43524#.exe
Resource: win7-20240221-en (Windows 7 analysis VM image, English locale)
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: ij84
Decoy/C2 domains (65 listed): a Formbook config carries one live C2 among many decoy domains, often legitimate sites, and the bot beacons to the decoys as well. Treat the list as hunting indicators rather than a block list, and confirm the live C2 from the sample's network traffic before acting on any single entry. Two entries are punycode (xn--) names and decode to vaffelpåpinne.com and détruire.com.
resetter.xyz
simonbelanger.me
kwip.xyz
7dbb9.baby
notion-everyday.com
saftiwall.com
pulse-gaming.com
fafafa1.shop
ihaveahole.com
sxtzzj.com
996688x.xyz
komalili.monster
haberdashere.store
nurselifegng.com
kidtryz.com
ghvx.xyz
1minvideopro.com
hidef.group
stylishbeststyler.space
spx21.com
spatialad.net
btstarvip.xyz
gofetcher.net
cqcready.net
thecommunitycatalyst.com
ssduckduckgo.com
hastingsmortgagegroup.com
mcminniespostersandmore.com
xn--vaffelppinne-zcb.com
thelsao.com
muddybootssalisbury.com
repetitionlaces.com
yao-med.com
hometotheworldcleaning.com
ampowersolar.com
xn--dtruire-bya.com
cryptofarm.space
ventaonline.site
davidedema.com
forklift-jobs-50425.bond
laserfusionart.com
mundosaludable.club
bndl.fit
lbexpress.shop
matthewbrownlee.com
viega.pro
recrooglobal.com
langzzzblog.online
m-1263bets10.com
surfacespecialistsnc.com
conallnolankitchens.com
80n.icu
bleeckha.us
thyselftrench.com
bawaslu-tual.com
elevatebuilders.co.za
spacekat.xyz
seniorlivinghub.today
aloyoga-southafricas.com
pickstreak.com
boutiquelrdesign.com
nazook.net
ifoxclicks.com
clinicallabpartner.com
budget-harmony.com
Targets
Target: NEW ORDER43524#.exe
Size: 816KB
MD5: 240f134e5318c9efc8f4edb219a9b16f
SHA1: 7150a57a5817c1602524fc2b3b8dfc2910b77148
SHA256: 9dad6e1350810eaee247d225c134a39441f286907c861fd6c825656cc9224613
SHA512: 704090e6007ae618f397d86ec1c7ffd8b2152cb2dfcbe6813a4d04963f07805ff7fd7f3ae4bdf99477f0791c31ede7609f59265a803893c7c89f07b62841f581
SSDEEP: 12288:JYuePwisfcgWf/j5VtK+CVINMX9yKBg7vj1UJ:2uIydk/jPoi+9yKe/1U
Signatures
- Formbook payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. A geofenced sample can stay dormant in a VM whose locale it excludes, so a quiet run in another environment is not evidence that it is benign.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext: the API used to redirect a thread's execution in process hollowing and thread hijacking, consistent with the payload running inside another process (the report does not name the host).