General
-
Target
ESW2091H52Y6.gz
-
Size
587KB
-
Sample
240717-t3q82ssema
-
MD5
3a836b29854421f24954fdfa776aa01e
-
SHA1
f199cc055e9a96f8f048f6eb69b5e4766a312f95
-
SHA256
5550ba206748ee9f180a6a868ebd342ead8432b7cfecf0c02f37da86f913fe2a
-
SHA512
f59f75e87804c4a6b3eecd97746dc201b15209b108b7bd7977210f12df513bc37151a960f2c8d3ba9b0d32c3c61c6bfc3d49428c7c28097ab48d95dfa49601b1
-
SSDEEP
12288:LyAauUpRc10sMuIf1GIH+euJDF6uFgSwe4UdmW7TcaqsOU:PaHI108ImVb6uFgSt4U17Tn4U
Static task
static1
Behavioral task
behavioral1
Sample
ESW2091H52Y6.vbe
Resource
win7-20240705-en
Malware Config
Extracted
formbook
4.1
de94
Targets
-
-
Target
ESW2091H52Y6.vbe
-
Size
4.7MB
-
MD5
6d933e921beffff0992ccdb64bbfa968
-
SHA1
24149345e79200dc21fb6d853e62d7e9ceaf605c
-
SHA256
1d204cb5dccb45236e756ff1d5e1605ab30b67948a40af27c195b6d4f2e5a2ae
-
SHA512
9b8ea5fe63f9e3ae856bdf437bb18f94d923d2674f6d085d65a8d3cf95b58ff10fee530e7ed290fd87995e3c4ea7562334e7c9f2d48736410bd20f168272d4b4
-
SSDEEP
12288:sk+zeB3lLnyTHm63p8P+RQf77puZL0Sfr3ucJ6q53mxmaQEd1wZ4mjBRclC:skbhAFDu7pjSfaI52xmX4mjBRB
-
Formbook payload
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-