General
-
Target
Confirming - Notice of payment_SWIFT BJ23004300IU.bat.exe
-
Size
586KB
-
Sample
241112-wxlgqaxkey
-
MD5
46827077a4c07d354de20e2e85e06d4f
-
SHA1
056f6f4f2dc98b4d184408377f91cb4296030245
-
SHA256
d079862ef124c7736c9321485c30fa19a7c944ac81bc683d123c1aa6c50414a5
-
SHA512
ccd3b5c9acab1024fd0b11876b0716c0839d9e308a9a854ed2b93bb6a22f06efa4826d0d5a4ba23428d12f25290d4fa5bb35992dff6b7b004ba6c1eca91b6a05
-
SSDEEP
12288:c0nsD9cyVPu1VOsaA+0/vOamqspcedULkqnb4:vnccydu10BOsp9Zqnb4
Static task
static1
Behavioral task
behavioral1
Sample
Confirming - Notice of payment_SWIFT BJ23004300IU.bat.exe
Resource
win7-20241010-en
Malware Config
Extracted
formbook
4.1
md49
enithpro.shop
utozeed.agency
ornpicsbd.xyz
82yjj301.top
kphone.online
3ccha73hdl5.shop
seinow.online
usurrofest.info
2ads2s2.top
oritskul.net
etlivecasino.bet
erts.navy
anieubezpieczenia.online
dyhph1020pm.top
paceglide.space
ibmedia.net
arwyking.icu
soriaticarthritis101.today
earopia.shop
gctg2qt4h.top
bud.studio
vory.pet
likogames.top
igglyjellybean.buzz
enericotr.online
uid.wtf
uturefindsstudio.store
qq6f7.asia
000226.xyz
dmksnfkvnkamddddsss05.sbs
levateacri.shop
reativeplayfulness.xyz
uvy.site
tm.boutique
hequedhornyboob.sbs
kiustx.shop
oatsystem.online
obike.online
ome-care-21144.bond
ellnessboxfrance.shop
hecandidcollective.net
45408.vip
ytj.lat
nline-advertising-67741.bond
iseforce.info
lovxip.xyz
nz75.top
mn17563.info
v6-gpmtn.net
olo-bryle.info
edicalaesthetictreatment.net
exttohashtag.online
oloreklama.biz
5519.one
ayfinalizepagamento.site
udryashki.shop
kesportsap.shop
entalentspublishing.music
2072.vip
ettadrive.app
hecarpentersshopwj.shop
arehouse-inventory-92272.bond
majinesia.cloud
ardenglowliving.site
istorted.app
Targets
-
-
Target
Confirming - Notice of payment_SWIFT BJ23004300IU.bat.exe
-
Size
586KB
-
MD5
46827077a4c07d354de20e2e85e06d4f
-
SHA1
056f6f4f2dc98b4d184408377f91cb4296030245
-
SHA256
d079862ef124c7736c9321485c30fa19a7c944ac81bc683d123c1aa6c50414a5
-
SHA512
ccd3b5c9acab1024fd0b11876b0716c0839d9e308a9a854ed2b93bb6a22f06efa4826d0d5a4ba23428d12f25290d4fa5bb35992dff6b7b004ba6c1eca91b6a05
-
SSDEEP
12288:c0nsD9cyVPu1VOsaA+0/vOamqspcedULkqnb4:vnccydu10BOsp9Zqnb4
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-