General
-
Target
264363a6ad5f6720663cd201f8037f0c6f3bfda8216bb8f975e7df9fd9c699b9.exe
-
Size
756KB
-
Sample
241211-cqtpza1mbx
-
MD5
147579a97da0eca0d7710189aa127157
-
SHA1
fe11ac8a0ddb01d39a5d2614686738d9c9e8a9ff
-
SHA256
264363a6ad5f6720663cd201f8037f0c6f3bfda8216bb8f975e7df9fd9c699b9
-
SHA512
6fd90440b24d239c88ff8264f99b4c434a14b4e1d311579f42d6a0d681acc5e1d00ce593521a68efb168ef6ed7bcb71501a0e1afa6e5bceac4c5107de0d1ef1f
-
SSDEEP
12288:dlMQIaLR0bwS1+ccfxuwdjXtm4DIpeIQt1Ct9qmLwy9EXX++S:NvV18xApjXtm0IpeICCt9VLwFO
Static task
static1
Behavioral task
behavioral1
Sample
264363a6ad5f6720663cd201f8037f0c6f3bfda8216bb8f975e7df9fd9c699b9.exe
Resource
win7-20241023-en
Malware Config
Extracted
formbook
4.1
ct27
arehouse-inventory-22552.bond
lead.today
utomation-tools-36376.bond
uizdabarbie.shop
yedzio.xyz
riffinfamily.fun
lashsmm.store
estlumpia.shop
aki777id.best
ilmach.net
ome-care-25437.bond
i404.net
jacp.bid
he-broker.net
quick.biz
ynacloud.xyz
harmant-g.online
f85to5a2x.cyou
pdgkt.bid
at-removal-near-me-103.xyz
oujizz.fyi
oftware-engineering-60706.bond
lexcap.xyz
jwbizjl3p.sbs
ouses-for-sale-4851524.zone
nternet-providers-19459.bond
2b-emirates.net
onotobey.shop
sk-dezzz49.store
91582235.xyz
uankao.tech
kmi14.xyz
ental-implants-39342.bond
h868.net
ental-implants-67929.bond
lotino.xyz
pps-31199.bond
aintkitts.xyz
ximito.info
mrahmed.website
lujro.shop
n.domains
mkgqu.info
ingaepost.live
lutchbrakes.net
hepahamiltons.net
arehouse-inventory-64566.bond
eyss.xyz
elightfullydecadent.store
200mber.fun
fmej.info
lard.xyz
amal888.pro
si-robot.tech
kin-rejuvenation-78159.bond
mjweddingplanners.fun
urhub.xyz
nfluencer-marketing-70434.bond
bl.email
apturethetgc.win
ntangroup.online
eehear.xyz
udiolife.xyz
regnancy-32797.bond
rave.ist
Targets
-
-
Target
264363a6ad5f6720663cd201f8037f0c6f3bfda8216bb8f975e7df9fd9c699b9.exe
-
Size
756KB
-
MD5
147579a97da0eca0d7710189aa127157
-
SHA1
fe11ac8a0ddb01d39a5d2614686738d9c9e8a9ff
-
SHA256
264363a6ad5f6720663cd201f8037f0c6f3bfda8216bb8f975e7df9fd9c699b9
-
SHA512
6fd90440b24d239c88ff8264f99b4c434a14b4e1d311579f42d6a0d681acc5e1d00ce593521a68efb168ef6ed7bcb71501a0e1afa6e5bceac4c5107de0d1ef1f
-
SSDEEP
12288:dlMQIaLR0bwS1+ccfxuwdjXtm4DIpeIQt1Ct9qmLwy9EXX++S:NvV18xApjXtm0IpeICCt9VLwFO
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-