General
-
Target
4ed108b6fefaf7195648ba17ba194f04e8db13cec7e1adeb56ecaafa970f8d21.exe
-
Size
614KB
-
Sample
241029-cry13szrdq
-
MD5
a108109409eab70287eff47e6365ff7c
-
SHA1
83aaeb34e9410deef1ccaf6762e580821fd6c98f
-
SHA256
4ed108b6fefaf7195648ba17ba194f04e8db13cec7e1adeb56ecaafa970f8d21
-
SHA512
2278bd435b8a27f916a25c3bc2c3d496eb497a73aa75e469a9d0f0af01aa9d0c786d3d9eb7832a275fb976e23214ed0cd8e0e5517b103d9c71a6b46a2dfbe43b
-
SSDEEP
12288:QMfzu2hn2t4ORZ4+w9BF7cdG8ALKxppsCTf9RIQ/RYTLx/O4eq5V:Qsj8WOr8PFj8AokCTfYQ/RYTLx1V
Static task
static1
Behavioral task
behavioral1
Sample
4ed108b6fefaf7195648ba17ba194f04e8db13cec7e1adeb56ecaafa970f8d21.exe
Resource
win7-20240903-en
Malware Config
Extracted
formbook
4.1
dn13
5q53s.top
f9813.top
ysticsmoke.net
ignorysingeysquints.cfd
yncsignature.live
svp-their.xyz
outya.xyz
wlkflwef3sf2wf.top
etterjugfetkaril.cfd
p9eh2s99b5.top
400108iqlnnqi219.top
ynsu-condition.xyz
ndividual-bfiaen.xyz
anceibizamagazine.net
itrussips.live
orkcubefood.xyz
lindsandfurnishings.shop
ajwmid.top
pigramescentfeatous.shop
mbvcv56789.click
rmei2-cnpj.website
81uu.top
cis.services
ptionsxpress-17520.vip
ltimatraceglow.vip
apu4dmain.cfd
hckc-sell.xyz
nough-smae.xyz
fsoiw-hotel.xyz
mile-hkajwx.xyz
ay-hbcsg.xyz
articulart.net
ozezae7.pro
asy-jatcrz.xyz
wiftsscend.click
tinky.vip
ould-ktlgl.xyz
vagames.pro
sncmk.shop
trategy-eyewna.xyz
orty.pro
hanprojects.tech
ronsoy.vip
aoxiangwu.top
8tsl.fashion
ashersmeaningmellitz.cfd
ood-packing-iasehq19x224.today
oldier-zjfuu.xyz
ysterywarrior932.top
omercialec.shop
ashclub.xyz
trongenergetichealth.top
addedcaitiffcanzos.shop
ack-gtiij.xyz
nformation-gdrs.xyz
ouwmsoe.top
apermatepens.net
5i34whsisp.top
appen-zuxs.xyz
trennebaffinbayamon.cfd
nablerententeewart.shop
xpert-private-tutors.today
zzw-tv.xyz
ffvd-traditional.xyz
31231851.xyz
Targets
-
-
Target
4ed108b6fefaf7195648ba17ba194f04e8db13cec7e1adeb56ecaafa970f8d21.exe
-
Size
614KB
-
MD5
a108109409eab70287eff47e6365ff7c
-
SHA1
83aaeb34e9410deef1ccaf6762e580821fd6c98f
-
SHA256
4ed108b6fefaf7195648ba17ba194f04e8db13cec7e1adeb56ecaafa970f8d21
-
SHA512
2278bd435b8a27f916a25c3bc2c3d496eb497a73aa75e469a9d0f0af01aa9d0c786d3d9eb7832a275fb976e23214ed0cd8e0e5517b103d9c71a6b46a2dfbe43b
-
SSDEEP
12288:QMfzu2hn2t4ORZ4+w9BF7cdG8ALKxppsCTf9RIQ/RYTLx/O4eq5V:Qsj8WOr8PFj8AokCTfYQ/RYTLx1V
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-