General

Target: MalwareBazaar.16
Size: 620KB
Sample: 240711-kaxqpazgng
MD5: 6f6db1e7da6dcc039ad7a1bb95d153eb
SHA1: 4e69bc26c9e11faececb76dfb4876165842a7383
SHA256: 8bd0c48813f5c2578c3932b60ef84e4d62f7620f4f7e26d942f9765e2a589eae
SHA512: 0088f6a5cae353de2d418d942b0f16d82883bdd55af64af433f4d10a1b29b044c8892c246fa3cc4b70b364b213be4ec05b4874bcccd316d9d475b52981ff98b6
SSDEEP: 12288:eb+YVK+orv7oWukJFoimuR6W5lzi7Cq82cXEC1ki2rpEWdzFTTLyh:V1+jMBmu3zCxcj1kdEcF
Static task: static1
Behavioral task: behavioral1
Sample: MalwareBazaar.exe
Resource: win7-20240708-en

Malware Config

Extracted: formbook 4.1 sp26
Domains:
co37.top
00050525.xyz
gucci-official.asia
xb1111.vip
brandignitemarketing.com
smqhr.vip
neuroenergetichealing.com
huskyrecords.com
bt365962.com
sonicmfers.com
bytoi.xyz
52725.xyz
tantargobank.com
quantumsolutionsblr.com
webzlp.xyz
euroelitegear.store
xyffaa.com
pickleballtvchampionship.com
hyrdomist.com
dgaaa.click
freetobe.cloud
d9666iii.com
fortunascience.com
swanzybz.christmas
sentradiskon.store
aprche.com
thepoolpatriot.com
pttapp.sbs
vasot.info
warmlycy.christmas
vintagesnap.shop
bestinkspot.com
beaconhillaccountants.com
l2l5f.rest
shtnalof.xyz
rizkkizak.bond
platform.vision
souvenirecommerce.com
activebabygear.com
touristplacesintripura.com
abcmuoisau.store
rajitha.xyz
ratesexchange.xyz
vidalkraft.com
evriukpostres.sbs
winvegasplus-casino.net
globalstimes.xyz
bondi.store
bt36565.com
ericjmusic.com
delco.agency
df5kj58.top
aakharikhaber.com
nmglawchambers.com
qzaxv.asia
smartvelocitybanking.com
lukaswarner.com
tapchain.fun
dalksj.com
xgzpw564r.xyz
bcas.app
viggo.motorcycles
incognicanada.com
theebdesigns.com
6na8m8k.asia
Targets

Target: MalwareBazaar.16
Size: 620KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

Signatures
- Formbook payload
- Command and Scripting Interpreter: PowerShell: runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext