General
- Target: 01e091955a83ba50c3b6324a89c6007d77798134465e1189cc3259906785262b.exe
- Size: 1.2MB
- Sample: 240522-r1eq5aef7y
- MD5: ae2709b53bbe59af6094b3721d2e43e4
- SHA1: 85dd2c7acf90d25e656598d30008bc77f3d4a60b
- SHA256: 01e091955a83ba50c3b6324a89c6007d77798134465e1189cc3259906785262b
- SHA512: 9c62a99a932e173939614c638d524ce33ee68b5985eda8e9737f07584a8c9f40c8b13b42b206d6a221092bdd2aa39a5ab3860a3ca6a877282578e2bf587d124b
- SSDEEP: 24576:LiTAD3InHT6elgPzH6s5K4Z3LpNnp+JNwIl7TaTpCGCcYjb:LeM3LjgTv5T09nYjb
Static task: static1
Behavioral task: behavioral1
- Sample: 01e091955a83ba50c3b6324a89c6007d77798134465e1189cc3259906785262b.exe
- Resource: win7-20240221-en
Malware Config
Extracted
formbook
4.1
gy14
mavbam.com
theanhedonia.com
budgetnurseries.com
buflitr.com
alqamarhotel.com
2660348.top
123bu6.shop
v72999.com
yzyz841.xyz
247fracing.com
naples.beauty
twinklethrive.com
loscaseros.com
creditspisatylegko.site
sgyy3ej2dgwesb5.com
ufocafe.net
techn9nehollywoodundead.com
truedatalab.com
alterdpxlmarketing.com
harborspringsfire.com
soulheroes.online
tryscriptify.com
collline.com
tulisanemas.com
thelectricandsolar.com
jokergiftcard.buzz
sciencemediainstitute.com
loading-231412.info
ampsportss.com
dianetion.com
169cc.xyz
zezfhys.com
smnyg.com
elenorbet327.com
whatsapp1.autos
0854n5.shop
jxscols.top
camelpmkrf.com
myxtremecleanshq.services
beautyloungebydede.online
artbydianayorktownva.com
functional-yarns.com
accepted6.com
ug19bklo.com
roelofsen.online
batuoe.com
amiciperlacoda.com
883831.com
qieqyt.xyz
vendorato.online
6733633.com
stadtliche-arbeit.info
survivordental.com
mrbmed.com
elbt-ag.com
mtdiyx.xyz
mediayoki.site
zom11.com
biosif.com
aicashu.com
inovarevending.com
8x101n.xyz
ioherstrulybeauty.com
mosaica.online
venitro.com
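The domain list above is the extracted Formbook configuration (the page gives no field labels; in Formbook reports of this shape 4.1 is normally the bot version and gy14 the campaign identifier). A known trait of Formbook configs is that the real C2 is padded with decoy domains and the bot contacts decoys as well, so no single entry should be assumed to be "the" C2, but a DNS query from an endpoint for any listed name is worth triage. The following is an added example, not part of the sandbox report: it copies the 65 extracted domains into a Python IOC set and runs them against DNS query log lines. The log lines and their four-column format are constructed for the demonstration; matching is done per label so that a lookalike such as notmavbam.com does not produce a substring false positive.

```python
"""Match the extracted Formbook (campaign gy14) domain list against DNS logs.

Added example, not code from the sandbox report. Domains are copied from the
extracted config; SAMPLE_DNS_LOG is constructed (format: <ts> <client> <qtype> <qname>).
"""
from collections import defaultdict

FORMBOOK_GY14_DOMAINS = set("""
mavbam.com theanhedonia.com budgetnurseries.com buflitr.com alqamarhotel.com
2660348.top 123bu6.shop v72999.com yzyz841.xyz 247fracing.com naples.beauty
twinklethrive.com loscaseros.com creditspisatylegko.site sgyy3ej2dgwesb5.com
ufocafe.net techn9nehollywoodundead.com truedatalab.com alterdpxlmarketing.com
harborspringsfire.com soulheroes.online tryscriptify.com collline.com
tulisanemas.com thelectricandsolar.com jokergiftcard.buzz sciencemediainstitute.com
loading-231412.info ampsportss.com dianetion.com 169cc.xyz zezfhys.com smnyg.com
elenorbet327.com whatsapp1.autos 0854n5.shop jxscols.top camelpmkrf.com
myxtremecleanshq.services beautyloungebydede.online artbydianayorktownva.com
functional-yarns.com accepted6.com ug19bklo.com roelofsen.online batuoe.com
amiciperlacoda.com 883831.com qieqyt.xyz vendorato.online 6733633.com
stadtliche-arbeit.info survivordental.com mrbmed.com elbt-ag.com mtdiyx.xyz
mediayoki.site zom11.com biosif.com aicashu.com inovarevending.com 8x101n.xyz
ioherstrulybeauty.com mosaica.online venitro.com
""".split())


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot of a fully-qualified query name."""
    return name.strip().rstrip(".").lower()


def matching_ioc(qname: str, iocs=FORMBOOK_GY14_DOMAINS):
    """Return the IOC that qname equals or is a subdomain of, else None.

    Comparing whole label suffixes (www.mavbam.com -> mavbam.com) instead of
    substrings keeps notmavbam.com from matching.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_dns_log(lines):
    """Yield one hit dict per log line whose qname matches an IOC."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line, skip rather than crash the scan
        ts, client, qtype, qname = parts[:4]
        ioc = matching_ioc(qname)
        if ioc:
            hits.append({"ts": ts, "src": client, "qtype": qtype,
                         "qname": normalize(qname), "ioc": ioc})
    return hits


def hosts_to_triage(hits):
    """Group hits by client so the list of listed names each host asked for is visible."""
    by_host = defaultdict(set)
    for h in hits:
        by_host[h["src"]].add(h["ioc"])
    return dict(by_host)


# Constructed sample log; the two "real" looking hosts are not from the report.
SAMPLE_DNS_LOG = """
# constructed sample, format: <ts> <client> <qtype> <qname>
2024-05-22T14:01:05Z 10.0.0.5 A www.mavbam.com
2024-05-22T14:01:05Z 10.0.0.5 A tryscriptify.com.
2024-05-22T14:01:06Z 10.0.0.5 A notmavbam.com
2024-05-22T14:01:09Z 10.0.0.7 AAAA update.microsoft.com
2024-05-22T14:01:11Z 10.0.0.5 A WWW.Soulheroes.ONLINE
""".strip().splitlines()

if __name__ == "__main__":
    for host, names in hosts_to_triage(scan_dns_log(SAMPLE_DNS_LOG)).items():
        print(host, sorted(names))
```

On the constructed log only 10.0.0.5 is reported, with three listed names; the lookalike and the Microsoft lookup are ignored. Feeding real Zeek dns.log, Sysmon Event ID 22 or resolver logs into scan_dns_log only requires adapting the four-column split.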
Targets
- Target: 01e091955a83ba50c3b6324a89c6007d77798134465e1189cc3259906785262b.exe
- Size: 1.2MB
- MD5: ae2709b53bbe59af6094b3721d2e43e4
- SHA1: 85dd2c7acf90d25e656598d30008bc77f3d4a60b
- SHA256: 01e091955a83ba50c3b6324a89c6007d77798134465e1189cc3259906785262b
- SHA512: 9c62a99a932e173939614c638d524ce33ee68b5985eda8e9737f07584a8c9f40c8b13b42b206d6a221092bdd2aa39a5ab3860a3ca6a877282578e2bf587d124b
- SSDEEP: 24576:LiTAD3InHT6elgPzH6s5K4Z3LpNnp+JNwIl7TaTpCGCcYjb:LeM3LjgTv5T09nYjb
- Formbook payload
- Adds policy Run key to start application
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
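Read together, the three behaviour signatures describe the usual Formbook execution chain: the sample starts the Visual Basic .NET compiler (vbc.exe, which is what the sandbox's "VBS compiler" label refers to) as a host process, redirects one of its threads into injected code with SetThreadContext (the API step of process hollowing and thread hijacking), and persists through a value under the Explorer policy Run key (HKCU or HKLM ...\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MITRE T1547.001). The sandbox sees the SetThreadContext call directly; endpoint telemetry normally does not, so the hunt pivots to the two things that are visible: vbc.exe created by something other than build tooling, and writes to the policy Run key. The following is an added example, not part of the sandbox report: it runs those two checks over constructed Sysmon-style records (Event ID 1 process creation, Event ID 13 registry value set) given as dicts with Sysmon's field names. The file paths, value names and the list of legitimate vbc.exe parents are assumptions for the demonstration.

```python
"""Endpoint checks for the behaviours the sandbox flagged: policy Run key
persistence and vbc.exe used as an injection host.

Added example, not code from the sandbox report. SAMPLE_EVENTS are constructed
Sysmon-style records (field names as in Sysmon, all paths and names invented).
"""
import re

# T1547.001 location behind the "Adds policy Run key" signature (HKCU or HKLM hive).
POLICY_RUN_KEY = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\policies\\explorer\\run\\",
    re.IGNORECASE,
)

# Assumption: parents that legitimately spawn the VB.NET compiler; tune per environment.
KNOWN_VBC_PARENTS = {"msbuild.exe", "devenv.exe", "vbcscompiler.exe", "dotnet.exe"}


def basename(path: str) -> str:
    """Last path component, lower-cased, for both slash styles."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def policy_run_key_writes(events):
    """Event ID 13 value-set records landing under Policies\\Explorer\\Run."""
    return [
        {"image": basename(e.get("Image", "")),
         "target": e["TargetObject"],
         "details": e.get("Details", "")}
        for e in events
        if e.get("EventID") == 13 and POLICY_RUN_KEY.search(e.get("TargetObject", ""))
    ]


def suspicious_vbc_launches(events):
    """vbc.exe started by a non-build parent, or with no compiler arguments.

    A hollowed vbc.exe is launched only to receive injected code, so it tends
    to have a bare command line and an unrelated parent; the SetThreadContext
    call itself is not visible in process-creation telemetry.
    """
    hits = []
    for e in events:
        if e.get("EventID") != 1 or basename(e.get("Image", "")) != "vbc.exe":
            continue
        parent = basename(e.get("ParentImage", ""))
        args = e.get("CommandLine", "").strip().split()
        bare = len(args) <= 1  # only the image path, no /noconfig, no response file
        if parent not in KNOWN_VBC_PARENTS or bare:
            hits.append({"parent": parent, "bare_command_line": bare})
    return hits


def triage(events):
    """Both checks over one event list."""
    return {"policy_run_key": policy_run_key_writes(events),
            "vbc_injection_host": suspicious_vbc_launches(events)}


SAMPLE_EVENTS = [  # constructed; not the sandbox's process tree
    {"EventID": 1, "Image": r"C:\Users\user\Desktop\sample.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"C:\Users\user\Desktop\sample.exe"},
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Users\user\Desktop\sample.exe",
     "CommandLine": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\MSBuild.exe",
     "CommandLine": r"vbc.exe /noconfig @C:\build\tmp.rsp"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\example",
     "Details": r"C:\Program Files (x86)\Example\example.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]

if __name__ == "__main__":
    for check, findings in triage(SAMPLE_EVENTS).items():
        print(check, findings)
```

On the constructed events the MSBuild-driven compile is left alone, the bare vbc.exe under sample.exe is flagged, and the only registry hit is the policy Run write made by vbc.exe, which is the expected shape when the injected payload, not the dropper, establishes persistence. The ordinary Run key write by explorer.exe is out of scope for this signature and is not reported.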