General
-
Target
9d8bba178d59f8e1a7bbf2d793b30c58.exe
-
Size
1.6MB
-
Sample
240712-n2xfsascpk
-
MD5
9d8bba178d59f8e1a7bbf2d793b30c58
-
SHA1
fcd9ddb47e8faac52d5f9450cbe8970d259cd63f
-
SHA256
2908b204b48c6e54598045bed024df0a256f41d0e53239f5d5606d2be8111c07
-
SHA512
e4e9223b006a7813ced3cf124ca25db3214929cc03d2b14688ba23f5b34949f4f156d646b5eb2f5d75ac17d526537b699f844bccdd19baa205a36de5b1d449b8
-
SSDEEP
12288:TNLnJocGYWkX35QDuPSzBzsFXFIntvrP9zVYL/EyN7T20:JLnrNWkXo1BzsdeFxzS4ydi0
Static task
static1
Behavioral task
behavioral1
Sample
9d8bba178d59f8e1a7bbf2d793b30c58.exe
Resource
win7-20240708-en
Malware Config
Extracted
formbook
4.1
kmge
jia0752d.com
cq0jt.sbs
whimsicalweddingrentals.com
meetsex-here.life
hhe-crv220.com
bedbillionaire.com
soycmo.com
mrawkward.xyz
11ramshornroad.com
motoyonaturals.com
thischicloves.com
gacorbet.pro
ihsanid.com
pancaketurner.com
santanarstore.com
cr3dtv.com
negotools.com
landfillequip.com
sejasuapropriachefe.com
diamant-verkopen.store
builtonmybrother.art
teoti.beauty
kickssoccercamp.com
chickfrau.com
compare-energy.com
icvp5o.xyz
susan-writes.com
dropletcoin.com
sivertool.com
sup-25987659.com
weedz-seeds.today
agritamaperkasaindonesia.com
safwankhalil.com
jm2s8a3mz.com
wfjwjm.com
be-heatpumps.life
hcwoodpanel.com
n5l780.com
mandalah.art
szexvideokingyen.sbs
justinroemmick.com
thecoolkidsdontfitin.com
gsolartech.com
swisswearables.com
chicagocarpetcleaneril.com
terrazahills-cbre.com
santatainha.com
sacksmantenimiento.store
wzhem.rest
shearwaterpembrokeshire.com
baansantiburi.com
mid-size-suv-87652.com
solunchina.com
nandos.moe
blucretebistro.com
identificatiekvk.digital
8772876.com
longfangyun.com
litblacklit.com
mobilferrari.com
zeeedajewelermusic.com
allenbach.swiss
industrialrevolution.ink
cmgamingtrack.com
a2zglobalimports.com
Targets
-
-
Target
9d8bba178d59f8e1a7bbf2d793b30c58.exe
-
Size
1.6MB
-
MD5
9d8bba178d59f8e1a7bbf2d793b30c58
-
SHA1
fcd9ddb47e8faac52d5f9450cbe8970d259cd63f
-
SHA256
2908b204b48c6e54598045bed024df0a256f41d0e53239f5d5606d2be8111c07
-
SHA512
e4e9223b006a7813ced3cf124ca25db3214929cc03d2b14688ba23f5b34949f4f156d646b5eb2f5d75ac17d526537b699f844bccdd19baa205a36de5b1d449b8
-
SSDEEP
12288:TNLnJocGYWkX35QDuPSzBzsFXFIntvrP9zVYL/EyN7T20:JLnrNWkXo1BzsdeFxzS4ydi0
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-