General
Target: 19072024_0433_18072024_Orden de Compra No.451566.zip
Size: 553KB
Sample: 240719-e6wwdawdmh
MD5: 8fede3e39b6e6f4caac072524093c883
SHA1: 111837b54281314b6d550099254e6cdff43a2d44
SHA256: b02bc61d13e0b6b4095ab910ac991d4985fd8bcc283b24ac59a438b049052fc6
SHA512: 70019b871fc63aa162f2e19fe8cae29a123ed5bb2126f7b718833830f171f9b573fa24c881721ae198c0a9686c726dafd89560138cfc069e0755050489ecf3b5
SSDEEP: 12288:PiYpM/QP+/jGOrq3kdjZmazmDwG8KIwJX2hdOAQJGChK277WIgCAhDcNrN:PiYpM/Q2/jGLkdjnnGlCwJG92HVgCAhM
Static task: static1
Behavioral task: behavioral1
Sample: Orden de Compra No.451566.exe
Resource: win7-20240708-en
Malware Config
Extracted
formbook
4.1
gy15
yb40w.top
286live.com
poozonlife.com
availableweedsonline.com
22926839.com
petlovepet.fun
halbaexpress.com
newswingbd.com
discountdesh.com
jwoalhbn.xyz
dandevonald.com
incrediblyxb.christmas
ailia.pro
ga3ki3.com
99812.photos
richiecom.net
ummahskills.online
peakleyva.store
a1cbloodtest.com
insurancebygarry.com
onz-cg3.xyz
erektiepil.com
hs-steuerberater.info
20allhen.online
mariaslakedistrict.com
losterrrcossmpm.com
tmb6x.rest
bagelsliders.com
njoku.net
tatoways.com
jmwmanglobalsolutionscom.com
midnightemporium.shop
gunaihotels.com
midsouthhealthcare.com
rtptt80.site
carmen-asa.com
gypsyjudyscott.com
djkleel.com
sophhia.site
tqqft8l5.xyz
00050385.xyz
oiupa.xyz
purenutrixion.com
worldinfopedia.com
8886493.com
1e0bfijiz43k6c8.skin
bunkerlabsgolf.com
twinportslocal.com
ttyijlaw.com
poiulkj.top
yuejiazy888.com
betbox2347.com
gettingcraftywitro.com
mantap303game.icu
skillspartner.net
cbla.info
rs-alohafactorysaleuua.shop
bt365434.com
redrivercompany.store
abc8win5.com
46431.club
vivehogar.net
menloparkshop.com
1776biz.live
dunia188j.store
Targets
Target: Orden de Compra No.451566.exe
Size: 3.1MB
MD5: 17edb39cd907d5809f6a6ea3eff326b2
SHA1: 24f9c1e37ff3a6a360ebaea8dcc5d36dc6e75d0f
SHA256: b819347078fa3ef6b874c0f8acbd32e0d153442ce42be82496ad15ae4dab5a59
SHA512: 3adfbd764089041067baa0ac31410971127c4d2033cefc87bf01fc20af8bfccb61d3af4add05921df1057a89b7493993ecaebed533847df62feb3c2e92ee9f5d
SSDEEP: 12288:Wd2QJ+r9SExqlYdjzKQpQD6okMI4JX2x1MyYJGCV02v3Sm08AhrcNC:U2Q4r9SjYdj3FoLOyJG/2/B08AhrcNC
Formbook payload
Adds policy Run key to start application
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)