General
-
Target
c1858ea28a880a9d789497986b541c29f79cb2d6de8aea568f09b309a7819c73.exe
-
Size
715KB
-
Sample
241215-ekc65svpel
-
MD5
303c96d28de2023a3358f8a1c4dca692
-
SHA1
4fb8a0435be969803b11d4775d9026f692c64445
-
SHA256
c1858ea28a880a9d789497986b541c29f79cb2d6de8aea568f09b309a7819c73
-
SHA512
178e895c18b1afecfaa4bc10c259bd369485ed5ff03c96d0fdd36eb429e407bf57a0fb1b47268328cb9751982bdea69383b0f5be3af6a7c2738397b96d43b568
-
SSDEEP
12288:ZC25usx+XtRIO/3YtvYwFA8wL6Ab5buKjGhKyPV0VlzYqrh+GkVc:LxyIFvULLpNyKj6KKVqhYqla
Static task
static1
Behavioral task
behavioral1
Sample
c1858ea28a880a9d789497986b541c29f79cb2d6de8aea568f09b309a7819c73.exe
Resource
win7-20240708-en
Malware Config
Extracted
formbook
4.1
bs84
ehuatang.quest
mart-healthcare.solutions
arehouse-inventory-59593.bond
rumpjokes.net
oonlightshadow.store
odernoob.website
sdmedia.net
0k21l6z.xyz
kwovenart.shop
chvb.bid
06ks28.buzz
grexvc.online
unnycdn02.shop
ettingitgonejunk.net
lubmango.store
ustjump.xyz
ofiveuss.store
aahasti-inter5.rest
etclcg.business
ai365.xyz
kaislotplay.shop
ombinedourefforts.net
skfa.info
024-fr-cruises.today
usiness-loans-au-5531141.fyi
xcavators-32553.bond
9xx30.xyz
allerbahisgiris.net
ostescanadre.xyz
undofelizpet.store
ojadobuscabusca.online
itstops.xyz
teamcomuunity.online
lcosta.shop
rabideen.online
aajaleh-nane4.rest
558844a0.shop
ive-glucofree.store
kf777.win
ecuronixds.xyz
0418.pizza
odgersfittedhats.shop
y6c46.pro
olfgalaxy.xyz
svural.store
lasses.tech
raphic-design-degree-15820.bond
ental-implants-60954.bond
lonazap.net
aconciergerie.xyz
arehouse-inventory-27582.bond
rofitways.pro
erangiral4dp.net
etenterey.one
0percentfailrate.biz
ristav.fun
uanqi.live
nline-advertising-98760.bond
anguage-courses-51973.bond
arehouse-inventory-44734.bond
ealthcare-trends-16618.bond
isab.cloud
oodydigital.tech
oetsgarden.art
partments-in-dubai-66339.bond
Targets
-
-
Target
c1858ea28a880a9d789497986b541c29f79cb2d6de8aea568f09b309a7819c73.exe
-
Size
715KB
-
MD5
303c96d28de2023a3358f8a1c4dca692
-
SHA1
4fb8a0435be969803b11d4775d9026f692c64445
-
SHA256
c1858ea28a880a9d789497986b541c29f79cb2d6de8aea568f09b309a7819c73
-
SHA512
178e895c18b1afecfaa4bc10c259bd369485ed5ff03c96d0fdd36eb429e407bf57a0fb1b47268328cb9751982bdea69383b0f5be3af6a7c2738397b96d43b568
-
SSDEEP
12288:ZC25usx+XtRIO/3YtvYwFA8wL6Ab5buKjGhKyPV0VlzYqrh+GkVc:LxyIFvULLpNyKj6KKVqhYqla
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-