General
Target: Potvrda.cmd
Size: 1.0MB
Sample: 240711-nmbkrsxamg
MD5: c9ad0db8c48595796320909adcf7a303
SHA1: a9a21e3819907bba8fc0661e84fe0a7e49b4905c
SHA256: 909903adda36dcfc103a5260990c7ca1f47b4644672f2d94446c7e6e86f25a35
SHA512: cdb375e941627757cc78f4bb1b7360b8512c4f0f3a145203b5807f7027d4a952f129f4a6367e7cbd9e0bd3613bd573eafb17e6967beb36e1039f99cb20f05f4f
SSDEEP: 24576:3r+gYZO1+u+KAgevoPUENFs0Y09Ea9P+Ex4yE:QRnyHp9O
Static task: static1
Behavioral task: behavioral1
Sample: Potvrda.exe
Resource: win7-20240708-en
Malware Config
Extracted
formbook
4.1
dn03
almouranipainting.com
cataloguia.shop
zaparielectric.com
whcqsc.com
ioco.in
aduredmond.com
vavada611a.fun
humtivers.com
jewellerytml.com
mcapitalparticipacoes.com
inhlcq.shop
solanamall.xyz
moviepropgroup.com
thegenesis.ltd
cyberxdefend.com
skinbykoco.com
entermintlead.com
honestaireviews.com
wyclhj7gqfustzp.buzz
w937xb.com
bakuusa.online
sabong-web.com
52cg2.club
jasonnutter.golf
odbet555.app
vipmotoryatkiralama.com
auravibeslighting.com
pulsesautos.com
imdcaam.com
vivaness.club
bovverbadges.com
giaydonghai.online
aditi-jobs.com
numericalsemantics.com
shoprazorlaser.com
lovedacademy.com
gets-lnds.io
teyo293.xyz
banditsolana.com
delivery-jobs-76134.bond
ppp5716.buzz
zjmeterial.com
de-ponqk.top
bntyr76rhg.top
servicepmgtl.world
nailtimelocust.top
paperappa.com
80sos.com
daysofbetting.com
slaytheday.fun
travauxdefou.com
bx2zyg.com
thecoxnews.com
qriskaq.com
top-dao.com
krstockly1.shop
roiwholesale.com
pajero777ads.click
twistedrubytx.com
thesovreignkingdomofmaui.info
cataclysmicgamingapparel.com
verxop.xyz
xn--kwra1023b.com
winterclairee.com
sukhiclothing.com
Targets
Target: Potvrda.cmd
Size: 1.0MB
MD5: c9ad0db8c48595796320909adcf7a303
SHA1: a9a21e3819907bba8fc0661e84fe0a7e49b4905c
SHA256: 909903adda36dcfc103a5260990c7ca1f47b4644672f2d94446c7e6e86f25a35
SHA512: cdb375e941627757cc78f4bb1b7360b8512c4f0f3a145203b5807f7027d4a952f129f4a6367e7cbd9e0bd3613bd573eafb17e6967beb36e1039f99cb20f05f4f
SSDEEP: 24576:3r+gYZO1+u+KAgevoPUENFs0Y09Ea9P+Ex4yE:QRnyHp9O
Signatures
- Formbook payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext