General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.13937.11977.exe
-
Size
691KB
-
Sample
240715-g52rcavfmh
-
MD5
c2ae4fdb661a151be4876289ed7f8261
-
SHA1
f8fbb8b8ddb55aacc20449ff2bd5d671e4cbb9fa
-
SHA256
d58780d1d574bfe77c6f9cfad1cf4b51522231b2699081befd5bbd15f7309aa0
-
SHA512
2642eac12e6a42fbd503621871802da278e0c68a4678675ddbe71f66d7a2b7d0ed8a22640c13d153ea63bcb33f7f13ae32eaa3e444fc451c64a1839d8cc91c89
-
SSDEEP
12288:luCDWx2PQfnESfZ0nl+xD4u1JW31MlxwXY5oMY3tQMmVHMe3+L4Ull0l8fkR:/awMnESR0nl+Z9OSXwXuoaVse3+sCie6
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.13937.11977.exe
Resource
win7-20240704-en
Malware Config
Extracted
formbook
4.1
45er
depotpulsa.com
k2bilbao.online
bb4uoficial.com
rwc666.club
us-pservice.cyou
tricegottreats.com
zsystems.pro
qudouyin6.com
sfumaturedamore.net
pcetyy.icu
notbokin.online
beqprod.tech
flipbuilding.com
errormitigationzoo.com
zj5u603.xyz
jezzatravel.com
zmdniavysyi.shop
quinnsteele.com
522334.com
outdoorshopping.net
7140k.vip
appmonster.live
rvrentalsusane.com
berry-hut.com
h-m-32.com
aklnk.xyz
project.fail
thelbacollection.com
ternkm.com
331022.xyz
qhr86.com
casvivip.com
f661dsa-dsf564a.biz
holisticfox.com
taobaoo03.com
kursy-parikmaher.store
reignscents.com
wot4x4.com
axoloterosa.com
instzn.site
nn477.xyz
jwsalestx.com
cualuoinuhoang.com
sagehrsuiteindercloud.solutions
2ecxab.vip
lottery99nft.xyz
budakbetingbet43.click
plaay.live
drmediapulsehub.com
bahismax.com
clareleeuwinclark.com
clarimix.com
ssongg11913.cfd
shapoorji-kingstown.com
detoxifysupplements.info
easy100ksidegig.com
abramovatata.online
barillonfo.net
keendeed.com
yunosave.online
pptv05.xyz
malianbeini.net
polariscicuit.com
sahibindencomparamguvend.link
used-cars-99583.bond
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.13937.11977.exe
-
Size
691KB
-
MD5
c2ae4fdb661a151be4876289ed7f8261
-
SHA1
f8fbb8b8ddb55aacc20449ff2bd5d671e4cbb9fa
-
SHA256
d58780d1d574bfe77c6f9cfad1cf4b51522231b2699081befd5bbd15f7309aa0
-
SHA512
2642eac12e6a42fbd503621871802da278e0c68a4678675ddbe71f66d7a2b7d0ed8a22640c13d153ea63bcb33f7f13ae32eaa3e444fc451c64a1839d8cc91c89
-
SSDEEP
12288:luCDWx2PQfnESfZ0nl+xD4u1JW31MlxwXY5oMY3tQMmVHMe3+L4Ull0l8fkR:/awMnESR0nl+Z9OSXwXuoaVse3+sCie6
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-