General
Target: 11122024_0123_10122024_RFQ24-794.rar
Size: 609KB
Sample: 241211-brszdsynb1
MD5: 0d029b7be7286237e9b098529d2cb43a
SHA1: aa6706c9623c3c2efb76023c5bfd053cc10d6b89
SHA256: 2414c1b0b2e095f5e3c43598142c3857dc175d30933b7677848b5cbf0c3765b4
SHA512: 1165c0488820d882cbbb426fce63e239318637e5823d24509653072cd242cbfcebbeed2653281c883a70882c511517c5076c83b43ad0df4eb8b214e0d25f8f24
SSDEEP: 12288:9vUXZlf1bHDkFhcFZ3RfKCra44mnHUcJPBYGeEytRs/ras:tUXZlf1DDQ6ZsC+4zHUcYdRs/
Static task: static1
Behavioral task: behavioral1
Sample: RFQ24-794.exe
Resource: win7-20240903-en
Malware Config
Extracted
formbook
4.1
mi06
Targets
Target: RFQ24-794.exe
Size: 755KB
MD5: 8e3534faed9bc6b5fafea96ee8b9f513
SHA1: 00524c9b5a48d05c819f0315219fb2b8dd9861e9
SHA256: 3a9ddc48041dcd1b22bd54c4f322721e0eae92cdfc579b8fc3c057a10c1c133b
SHA512: ba64648bbd447b79b9a7138cb79506139e82499a8d480a8d1127c7d750e70aa558f2f8c0104cfa1a8817c02e63df9605a39d5160b97c9b248c46d5a240a9488a
SSDEEP: 12288:PcM9wy9EXX+pw7gmFHZvKCTD6ziA+RrsJ73jpWrxmUjDzo2qRG7x:TwFOpw7rHBKCTDlAwrsJLjpWAURqR
- Formbook family
- Formbook payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext