General
-
Target
7190badb11c14706725e06f01dd4dbbd34f82233d3d69f7bd302cfdb947f6021.exe
-
Size
28KB
-
Sample
241207-dbe4psxqdn
-
MD5
5ad176cf9482ccedc206fca269089b25
-
SHA1
0b917af3c99023327127aa034d3904888029e2d3
-
SHA256
7190badb11c14706725e06f01dd4dbbd34f82233d3d69f7bd302cfdb947f6021
-
SHA512
9e9c68cd8467f5b08f514b2315025f9e863f66a2d5746f54b5d7d5df89e8b6e9c232bca3fbfedfd6450b2d1ccb37bbd630ea95c0c1bdd5150acd73fb0841d580
-
SSDEEP
192:+YHwHj0yVgOOVinHuCN0Tv2m5g7EDum0KypCkCgS43IhS/rUO50biUU9H+v5mIAf:4AyrgCNkun7EZ3uBIhErX6mPeJACsxh
Static task
static1
Behavioral task
behavioral1
Sample
7190badb11c14706725e06f01dd4dbbd34f82233d3d69f7bd302cfdb947f6021.exe
Resource
win7-20240708-en
Malware Config
Extracted
formbook
4.1
o62s
lectrobay.shop
enisehirarnavutkoy.xyz
itoolz.net
otorcycle-loans-40378.bond
opjobsinusa.today
uara228j.shop
ukulbagus10.click
enhealth07.shop
cpoker.pro
ome-remodeling-16949.bond
andu.shop
hubbychicocharmqs.shop
onghi292.top
ussines-web-creators.net
alenspencer.online
ryptogigt.top
epiyiisigorta.online
ental-implants-77717.bond
juta.click
enisehirevleriarnavutkoy.xyz
pertforces.store
kdse.boutique
uccessfulproduct.shop
newrist.online
2045.pictures
epid.dev
oxo.net
utivme.info
arehouse-inventory-65114.bond
axiquynhongiare.asia
etooclaim.store
heterraceongregory.store
orldwise-admission.online
outenbox.shop
kipoxz.xyz
iperliteratura.online
hoccyboxy.dev
iicf72105.vip
regnancy-10606.bond
dambelardino.net
oans-credits-55622.bond
zprintbox.store
3sejzs3.sbs
fi-group.world
iveworks.xyz
gtg.store
4mn.info
aliente.kaufen
ottostar.motorcycles
oker99-ms.christmas
p595.top
artmartuqsa.shop
infundcadastro.site
merp.link
irclemedia.shop
ind.expert
mitrywedkam.online
opcharlottesydimby.shop
mmamartin.info
uikstudy.sbs
estpro.group
card.yachts
mazoui.fun
ooktonook.online
hronika.fun
Targets
-
-
Target
7190badb11c14706725e06f01dd4dbbd34f82233d3d69f7bd302cfdb947f6021.exe
-
Size
28KB
-
MD5
5ad176cf9482ccedc206fca269089b25
-
SHA1
0b917af3c99023327127aa034d3904888029e2d3
-
SHA256
7190badb11c14706725e06f01dd4dbbd34f82233d3d69f7bd302cfdb947f6021
-
SHA512
9e9c68cd8467f5b08f514b2315025f9e863f66a2d5746f54b5d7d5df89e8b6e9c232bca3fbfedfd6450b2d1ccb37bbd630ea95c0c1bdd5150acd73fb0841d580
-
SSDEEP
192:+YHwHj0yVgOOVinHuCN0Tv2m5g7EDum0KypCkCgS43IhS/rUO50biUU9H+v5mIAf:4AyrgCNkun7EZ3uBIhErX6mPeJACsxh
-
Formbook family
-
Formbook payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-