General
-
Target
9d29cb978c64e5ad17d72e5cabac60c2e4871924c41a7dc0ccaadba7a428703a.exe
-
Size
648KB
-
Sample
241204-dg4n9atnfq
-
MD5
23c82ab652e622a3b359585df5588715
-
SHA1
d5a7ee9c740354cd485b9660dfeed4090086290d
-
SHA256
9d29cb978c64e5ad17d72e5cabac60c2e4871924c41a7dc0ccaadba7a428703a
-
SHA512
6cba277c64f2464b2389e7ebbbf9d8ee76e3094b9731824a622fd25eab02e00fdf31251798650d03680daac9c57a0520b592e2a67ca95b56dcbab31b5d569fce
-
SSDEEP
12288:vIR4R52J+XtsZVtEppdfqnMLpJgSJCCsj8tYRHG2EnMXvxtZsIu6WIR:vIeezjaWop5JCAKm2su1shI
Static task
static1
Behavioral task
behavioral1
Sample
9d29cb978c64e5ad17d72e5cabac60c2e4871924c41a7dc0ccaadba7a428703a.exe
Resource
win7-20241010-en
Malware Config
Extracted
formbook
4.1
bs84
ehuatang.quest
mart-healthcare.solutions
arehouse-inventory-59593.bond
rumpjokes.net
oonlightshadow.store
odernoob.website
sdmedia.net
0k21l6z.xyz
kwovenart.shop
chvb.bid
06ks28.buzz
grexvc.online
unnycdn02.shop
ettingitgonejunk.net
lubmango.store
ustjump.xyz
ofiveuss.store
aahasti-inter5.rest
etclcg.business
ai365.xyz
kaislotplay.shop
ombinedourefforts.net
skfa.info
024-fr-cruises.today
usiness-loans-au-5531141.fyi
xcavators-32553.bond
9xx30.xyz
allerbahisgiris.net
ostescanadre.xyz
undofelizpet.store
ojadobuscabusca.online
itstops.xyz
teamcomuunity.online
lcosta.shop
rabideen.online
aajaleh-nane4.rest
558844a0.shop
ive-glucofree.store
kf777.win
ecuronixds.xyz
0418.pizza
odgersfittedhats.shop
y6c46.pro
olfgalaxy.xyz
svural.store
lasses.tech
raphic-design-degree-15820.bond
ental-implants-60954.bond
lonazap.net
aconciergerie.xyz
arehouse-inventory-27582.bond
rofitways.pro
erangiral4dp.net
etenterey.one
0percentfailrate.biz
ristav.fun
uanqi.live
nline-advertising-98760.bond
anguage-courses-51973.bond
arehouse-inventory-44734.bond
ealthcare-trends-16618.bond
isab.cloud
oodydigital.tech
oetsgarden.art
partments-in-dubai-66339.bond
Targets
-
-
Target
9d29cb978c64e5ad17d72e5cabac60c2e4871924c41a7dc0ccaadba7a428703a.exe
-
Size
648KB
-
MD5
23c82ab652e622a3b359585df5588715
-
SHA1
d5a7ee9c740354cd485b9660dfeed4090086290d
-
SHA256
9d29cb978c64e5ad17d72e5cabac60c2e4871924c41a7dc0ccaadba7a428703a
-
SHA512
6cba277c64f2464b2389e7ebbbf9d8ee76e3094b9731824a622fd25eab02e00fdf31251798650d03680daac9c57a0520b592e2a67ca95b56dcbab31b5d569fce
-
SSDEEP
12288:vIR4R52J+XtsZVtEppdfqnMLpJgSJCCsj8tYRHG2EnMXvxtZsIu6WIR:vIeezjaWop5JCAKm2su1shI
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-