General
Target: ae2734cb4074c909b5d1469c4901bfc03487342723505ef4c1adcb41d64e3917N.exe
Size: 550KB
Sample: 241204-xleqga1qap
MD5: cb0b9fd1fdae008c92228b57f6c50a90
SHA1: 567cf2c5994f1485dc9d8808156fae39647649f0
SHA256: ae2734cb4074c909b5d1469c4901bfc03487342723505ef4c1adcb41d64e3917
SHA512: 9585d5b2d9bb93d575facebd97b05818a14ba02c984158a80322c7e494ffaf6e559155b48e0ddb363c1cc5a99c85ae7c92f5ef77df93be046d65278de7d25726
SSDEEP: 12288:5MUgm/3dE/fGiCNGiTVTsdrE0V92fO/lk9onzNXxn2iv+:5M2//iCRSdrZV92f79onzNXEiv+
Static task
static1
Behavioral task
behavioral1
Sample
ae2734cb4074c909b5d1469c4901bfc03487342723505ef4c1adcb41d64e3917N.exe
Resource
win7-20240729-en
Malware Config
Extracted
formbook
4.1
giok
Targets
Formbook family
Formbook payload
Adds policy Run key to start application
Uses the VBS compiler for execution
Adds Run key to start application
Suspicious use of SetThreadContext