General
-
Target
87333c68bf4dcdf822c5dc527c912fdfcaf4d13bf03aa2f7d70bd98e9d76f1db
-
Size
583KB
-
Sample
241114-n471asyfpg
-
MD5
a9aaed4cb6f60aa1175853edfe467623
-
SHA1
4051ef4f95ed9704edff9962239511fe20c9f657
-
SHA256
87333c68bf4dcdf822c5dc527c912fdfcaf4d13bf03aa2f7d70bd98e9d76f1db
-
SHA512
97466fb3198855ba39b6060fb05bfbcb784935cca98a9aea105b3a94881a35ad97c1707dd5b165a8bbfd6bc04f25ed935812b2b1f6456bb17623e2f5eb89865c
-
SSDEEP
12288:Njd1BYPw/dgKLL64tuIijDuhwKNIM/InSepzkdqp36G3Y4ehfMNN81Lwr50I/o6p:Nj3rw36L/4SuBp/Y4SMM1k+I/o6p
Static task
static1
Behavioral task
behavioral1
Sample
dekont.pdf.exe
Resource
win7-20240903-en
Malware Config
Extracted
formbook
4.1
m17o
kzqh72.top
arket-obybqq.xyz
afechoice.click
ote-knplpa.xyz
aqgpie.xyz
orker-ornp.xyz
he-beds321.today
ut-nlvv.xyz
31231827.xyz
milymariephotography.net
wquqo.click
veu-where.xyz
mjcpo-pick.xyz
yself-lpnbdl.xyz
austoowagosha.net
ive-wgag.xyz
lay-drift-palace.xyz
old-vubgv.xyz
ideo-shooting-courses.today
ntendsisaiasjazmin.shop
rangphimhay.net
ingsai.top
31231869.xyz
okue-least.xyz
actose-free-nutrition.click
ghu-yourself.xyz
umgi-paper.xyz
koj-themselves.xyz
wax-magazine.xyz
ncenseproln.shop
kpl-0166.top
lygww-box.xyz
espond-sspb.xyz
uniaslot77-azul.click
olisticuniversal.design
rawlstarsbrasil.shop
vvimy.top
igrct-itself.xyz
euauhugonisyallaer.shop
allout76microsoft.shop
oedavn.shop
ovie-vkgei.xyz
ssk-even.xyz
lc.mobi
nyoy-adult.xyz
killup2work.net
1684.app
xecutive-kutoax.xyz
eneration-vxej.xyz
-navi.net
elemqio-ojuu.top
xpl-yet.xyz
uthor-pfndoi.xyz
ecimalplace.net
yikb-vote.xyz
39581.top
ischi-waschi.jetzt
31232158.xyz
ucksvip.top
unstylingt.xyz
pike-volnix.click
5ddc2.xyz
2rbet.mobi
uivlio.xyz
oolgege.top
Targets
-
-
Target
dekont.pdf.exe
-
Size
689KB
-
MD5
e5030819a8f2a25db1d44af66e00f397
-
SHA1
af2a32d408423b80f5bc659f708ff373947f633c
-
SHA256
d6cb94e803a570db4987655ae100b9dcca4ca11d45c7a0b9ab004f494855b1fb
-
SHA512
f7694edf91dbad898f73338eb9ce1166e3fec240f0bd700d97ad8cc9455c15805e36d73d607976185fa8559b5b158490fc82fd6fbd73cdf4ecccc5f80e9e2138
-
SSDEEP
12288:1bJbQWSL/h6HWSpws2t0dAWT9ymEtboOCJVMH:dJbQxLQHWSph2t0OWTgmENoOCJV
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-