General
Target: 4ac278bf21df47be4528682e5697aff0N.exe
Size: 901KB
Sample: 240721-cl8ckasgjf
MD5: 4ac278bf21df47be4528682e5697aff0
SHA1: 8dfa9651e4bd2d8a32befaa04851005d46585b4c
SHA256: f2b5226da4807974fd60640d715adf8679a271c08166e6bd61ebbb0e3209e7ff
SHA512: 02d0a79ecd133635e89025bfa594bf6fdffad18d690267b91e14e1190b404923b5316ae33f87f5947224bad3b76774c85b1cae34f4a6b1df970a1fc36c26c92f
SSDEEP: 24576:UsY7f30cHjW225TP+8X9xlgOyx32+Iary9KYsW:8f0+S2gyglgjmJ9KYsW
Static task: static1
Behavioral task: behavioral1
Sample: 4ac278bf21df47be4528682e5697aff0N.exe
Resource: win7-20240704-en
Malware Config
Extracted
formbook
4.1
ds92
Targets
Target
4ac278bf21df47be4528682e5697aff0N.exe
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-