General
-
Target
412f36cadb0568c43f0738c6a832f9096fa5692c8271b1e322b570152084dc31.exe
-
Size
1.1MB
-
Sample
240715-t8dvxasfmc
-
MD5
e8b684a181e745c7e80acaa0dfa96193
-
SHA1
cf5c3059ac345cb5fd3d943e3a5a27642ad2da0f
-
SHA256
412f36cadb0568c43f0738c6a832f9096fa5692c8271b1e322b570152084dc31
-
SHA512
69f505d8bcc98a657b847ebc7a30e33c2f80394cc92dc7dca2fc2af7566678f4929324ffa73d5fc42a7bd8e17940ebcf108b6b75eca10cb3e196b104c8fdcc2c
-
SSDEEP
24576:ypwQaLmSnf3XrxwPr/Od/wLq7Mm9OCH8MIRi4Kq2:ypimentiWd7PX4R2
Static task
static1
Behavioral task
behavioral1
Sample
412f36cadb0568c43f0738c6a832f9096fa5692c8271b1e322b570152084dc31.exe
Resource
win7-20240708-en
Malware Config
Extracted
formbook
4.1
dk07
reclam.xyz
parchmentmediaadd.com
gaolibai.site
menage-exclusif.com
ceremoniesbyjade.com
5663876.com
take3.xyz
environmentaladvocacygroup.com
fp38z.rest
elektro-vlasic.com
bollybytestv.com
udfunsd.cloud
studiomiraiarq.com
e-commercebrasil.shop
sansiddhiedu.com
draaronroughan.net
24angel.com
rjh-equestrian.com
22db3rgdg6a73pea7.vip
mintygreen-wellnessportal.com
dewakipas88.art
fauteam.top
elyridia.com
msmotorsjp.com
arm-uk.com
wukunstudio.com
96503862.com
ygsj009.xyz
tbstli119w.top
correctionia.com
howdowear.com
760sun.com
1win-yyy-official7.xyz
colmeiaofertasloja.com
megadealsonline.shop
mumuvpn.life
vialglass.website
charliebearventures.com
lynxpire.com
labnicear.shop
thrillhouse.fail
biamane.com
celestialcharts.network
bt365231.com
247866.top
dungcamvu.com
floraperfumaria.com
connectedword.site
pamanwin.com
jbovietnam.vin
tanomi.dev
globalsupdate.xyz
santandecentral.com
xewaov.xyz
384058.com
kindya.xyz
pan-ason19.com
getpurvivee.online
17tk555j.com
fullmoondating.com
mu-vietco.com
cohailpros.com
8uh85t.xyz
slotcuan88login.com
nonewaveneb.live
Targets
-
-
Target
412f36cadb0568c43f0738c6a832f9096fa5692c8271b1e322b570152084dc31.exe
-
Size
1.1MB
-
MD5
e8b684a181e745c7e80acaa0dfa96193
-
SHA1
cf5c3059ac345cb5fd3d943e3a5a27642ad2da0f
-
SHA256
412f36cadb0568c43f0738c6a832f9096fa5692c8271b1e322b570152084dc31
-
SHA512
69f505d8bcc98a657b847ebc7a30e33c2f80394cc92dc7dca2fc2af7566678f4929324ffa73d5fc42a7bd8e17940ebcf108b6b75eca10cb3e196b104c8fdcc2c
-
SSDEEP
24576:ypwQaLmSnf3XrxwPr/Od/wLq7Mm9OCH8MIRi4Kq2:ypimentiWd7PX4R2
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-