General
Target: 11072024_1644_11072024_Potvrda.tar
Size: 744KB
Sample: 240711-t86wpaxfpg
MD5: 349d052bb22604a4989400189270a811
SHA1: 942c14058419b3e9c78cc021e1daecf81d7ef7e0
SHA256: 841657ec7ffc08e110f6d4cc36b785d632bc502f12a94e6753570c75ab6b6aff
SHA512: 6aa12aee80fd9a6580bb1b33a2724f8bc180dabf1c9e832f9a2fef99c9be6fe6ec3f622ebd321b76e30993ddbd2d9af32c8cd7714d4454bae3c1feecfbe611e6
SSDEEP: 12288:c/Riizf8iXiDrItWC6K6jYuVsD5x+1eyOEjLQ2N55Ob5PSOL8qOWo5idI93cC31T:UR3T+guK6LVsD5XsN55O8OxOWa0IVcCd
Static task: static1
Behavioral task: behavioral1
Sample: Potvrda.exe
Resource: win7-20240704-en
Malware Config
Extracted: formbook 4.1 dn03
almouranipainting.com
cataloguia.shop
zaparielectric.com
whcqsc.com
ioco.in
aduredmond.com
vavada611a.fun
humtivers.com
jewellerytml.com
mcapitalparticipacoes.com
inhlcq.shop
solanamall.xyz
moviepropgroup.com
thegenesis.ltd
cyberxdefend.com
skinbykoco.com
entermintlead.com
honestaireviews.com
wyclhj7gqfustzp.buzz
w937xb.com
bakuusa.online
sabong-web.com
52cg2.club
jasonnutter.golf
odbet555.app
vipmotoryatkiralama.com
auravibeslighting.com
pulsesautos.com
imdcaam.com
vivaness.club
bovverbadges.com
giaydonghai.online
aditi-jobs.com
numericalsemantics.com
shoprazorlaser.com
lovedacademy.com
gets-lnds.io
teyo293.xyz
banditsolana.com
delivery-jobs-76134.bond
ppp5716.buzz
zjmeterial.com
de-ponqk.top
bntyr76rhg.top
servicepmgtl.world
nailtimelocust.top
paperappa.com
80sos.com
daysofbetting.com
slaytheday.fun
travauxdefou.com
bx2zyg.com
thecoxnews.com
qriskaq.com
top-dao.com
krstockly1.shop
roiwholesale.com
pajero777ads.click
twistedrubytx.com
thesovreignkingdomofmaui.info
cataclysmicgamingapparel.com
verxop.xyz
xn--kwra1023b.com
winterclairee.com
sukhiclothing.com
Targets
Target: Potvrda.cmd
Size: 1.0MB
MD5: c9ad0db8c48595796320909adcf7a303
SHA1: a9a21e3819907bba8fc0661e84fe0a7e49b4905c
SHA256: 909903adda36dcfc103a5260990c7ca1f47b4644672f2d94446c7e6e86f25a35
SHA512: cdb375e941627757cc78f4bb1b7360b8512c4f0f3a145203b5807f7027d4a952f129f4a6367e7cbd9e0bd3613bd573eafb17e6967beb36e1039f99cb20f05f4f
SSDEEP: 24576:3r+gYZO1+u+KAgevoPUENFs0Y09Ea9P+Ex4yE:QRnyHp9O
Formbook payload
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext