General
-
Target
3dd9da5f91ea1de269504d905252059371eafacb8b71b3bc0ac2c38a16db709a.exe
-
Size
626KB
-
Sample
240720-lfbabawcnj
-
MD5
b6afc271ea1a05bafb1caef148175262
-
SHA1
8436e8dbdbf690b6163f5a9b58b3fe1b3516281b
-
SHA256
3dd9da5f91ea1de269504d905252059371eafacb8b71b3bc0ac2c38a16db709a
-
SHA512
4070ebf15459a49aa1d66ceb9e052ea3aca287a39485b759b38f8efdd28f693bdd3b8dcf2f950323d90bb3c1756f96e1667920fa90e583cf6b8abfe352e12296
-
SSDEEP
12288:hxiN882BGzZAb44UVDE5CBqxSjHDhMA+e3Xp3NTWFUtg4X/aU+CIZXLcvKbiN:zu2BOEUu57SrDhIIXpdTj+U+CcbAY
Static task
static1
Behavioral task
behavioral1
Sample
3dd9da5f91ea1de269504d905252059371eafacb8b71b3bc0ac2c38a16db709a.exe
Resource
win7-20240704-en
Malware Config
Extracted
formbook
4.1
pz12
paucanyes.com
autonwheels.com
cowboysandcaviarbar.com
fitnessengineeredworkouts.com
nuevobajonfavorito.com
dflx8.com
rothability.com
sxybet88.com
onesource.live
brenjitu1904.com
airdrop-zero1labs.com
guangdongqiangzhetc.com
apartments-for-rent-72254.bond
ombak99.lol
qqfoodsolutions.com
kyyzz.com
thepicklematch.com
ainth.com
missorris.com
gabbygomez.com
aromacuppa.com
kaskusbagus.com
zoox1.asia
hemophilia-treatment-41433.bond
meidupro.com
shrisona.com
sekanse.com
marcocostasax.com
loyalbahis356.com
mzmz97.com
ma-google.com
xiangadvanced.site
tuotalogis.com
xcxocef.shop
fidgetbottles.com
shuaninvolved.site
ambientelatino.com
98980901.com
singhbrothersframes.com
pureamyl.com
hgs0713.net
surejobzapp.com
slotgame99.bet
datalakeflow.com
ebehemin.com
vanessasmobilespa.com
317wb.com
motchillssss.top
huesch.net
salesgymshark.shop
mejorcompra99.com
tacubashop.com
jessicaxsimmons.com
roar-stores.com
chalkandthimble.com
84556.vip
luyutuwen.com
siliconcollege.icu
marvowhite.com
gjxuh82y0u3h6.top
e2taop5.top
businessbroadway.com
cripmz.xyz
4hu259.com
jnhdh8827.com
Targets
-
-
Target
3dd9da5f91ea1de269504d905252059371eafacb8b71b3bc0ac2c38a16db709a.exe
-
Size
626KB
-
MD5
b6afc271ea1a05bafb1caef148175262
-
SHA1
8436e8dbdbf690b6163f5a9b58b3fe1b3516281b
-
SHA256
3dd9da5f91ea1de269504d905252059371eafacb8b71b3bc0ac2c38a16db709a
-
SHA512
4070ebf15459a49aa1d66ceb9e052ea3aca287a39485b759b38f8efdd28f693bdd3b8dcf2f950323d90bb3c1756f96e1667920fa90e583cf6b8abfe352e12296
-
SSDEEP
12288:hxiN882BGzZAb44UVDE5CBqxSjHDhMA+e3Xp3NTWFUtg4X/aU+CIZXLcvKbiN:zu2BOEUu57SrDhIIXpdTj+U+CcbAY
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-