General
Target: PF234-91224.pdf.rar
Size: 578KB
Sample: 241209-s3z1hsxmck
MD5: c36f7991cb6e5ac34306815babfadf4c
SHA1: eaaf48d3efb0e2a5b10b988ff6403c5e3ecb5510
SHA256: bdd9e311c550bef90f58fb23c8e3318cc388ac62e756aa0927f91b85a3e75103
SHA512: 3345aaaf83f59a8987a54f59fd5bd08c9aafab4e12d0515bed87a523ade727c00c8efca7a17fbad02b4c6959f0dc8e27a0750c9eb10a16c6cda1cebdfefadfa3
SSDEEP: 12288:6DD3PNk45FG5sVbC0JUsDAbXgSTxKKpU1HouvyFgww3aclM3sATidw/YQpN6b:clP5FhCWAjNU1X6ewwF+30dwrz6
Static task: static1
Behavioral task: behavioral1
Sample: PF234-91224.pdf.exe
Resource: win7-20240903-en

Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: mi06
Targets
Target: PF234-91224.pdf.exe
Size: 887KB
MD5: 0285fed1a8816679555b3ad83d259eec
SHA1: fd36638db0103fe9530cefcc2b612c307bac5462
SHA256: b3f2e166da0892b3ab4d77f3b7764c7d50296fc234a8da7355db5677f090273f
SHA512: 72bd8a4e9e0dc6eed172d2c0d1f58dad1dca09915c888604fb382e1aa22ec12f7233a9fcc082a1b7c858555b11f4bce60180c5d658f4b7a33573eaaf5c290f3c
SSDEEP: 12288:8rFcvLvKirjTpzk+958lIe9bVAwb7NsriUe67N0d4CeU:oFwC+NgCejfHNoXRU
- Formbook family
- Formbook payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Suspicious use of SetThreadContext