General
-
Target
8447a77109db948caf2aeab8f22ecffb5fb15a83286c7894b0d9a06c48ed3e73
-
Size
1.1MB
-
Sample
241224-z4ty8axqbl
-
MD5
61b68ed859f55e970b3b4b49e6aa3890
-
SHA1
0621ceca3448c427848777e383c9b9d9549fde21
-
SHA256
8447a77109db948caf2aeab8f22ecffb5fb15a83286c7894b0d9a06c48ed3e73
-
SHA512
1ead6f9dc9428d47aa9419dc6ba1c2f753806b93df893114e3baf06c067c78667b4ccb37af5554f626ddc84dd91ab21025346243df9cb6c9d34485b537b7a11f
-
SSDEEP
24576:DxmdOBUO2GqbAq+zyFGbTgV/S9MLk2zP38rkwuX+au+H:lnq8qGoIgGck2roNuX++
Static task
static1
Behavioral task
behavioral1
Sample
8447a77109db948caf2aeab8f22ecffb5fb15a83286c7894b0d9a06c48ed3e73.xlsx
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
8447a77109db948caf2aeab8f22ecffb5fb15a83286c7894b0d9a06c48ed3e73.xlsx
Resource
win10v2004-20241007-en
Malware Config
Extracted
formbook
4.1
hwu6
lf758.vip
locerin-hair.shop
vytech.net
pet-insurance-intl-7990489.live
thepolithat.buzz
d66dr114gl.bond
suv-deals-49508.bond
job-offer-53922.bond
drstone1.click
lebahsemesta57.click
olmanihousel.shop
piedmontcsb.info
trisula888x.top
66sodovna.net
dental-implants-83810.bond
imxtld.club
frozenpines.net
ffgzgbl.xyz
tlc7z.rest
alexismuller.design
6vay.boats
moocatinght.top
hafwje.bond
edmaker.online
simo1simo001.click
vbsdconsultant.click
ux-design-courses-53497.bond
victory88-pay.xyz
suarahati7.xyz
otzen.info
hair-transplantation-65829.bond
gequiltdesins.shop
inefity.cloud
jeeinsight.online
86339.xyz
stairr-lift-find.today
wdgb20.top
91uvq.pro
energyecosystem.app
8e5lr5i9zu.buzz
migraine-treatment-36101.bond
eternityzon.shop
43mjqdyetv.sbs
healthcare-software-74448.bond
bethlark.top
dangdut4dselalu.pro
04506.club
rider.vision
health-insurance-cake.world
apoppynote.com
11817e.com
hiefmotelkeokuk.top
sugatoken.xyz
aragamand.business
alifewithoutlimits.info
vibrantsoul.xyz
olarpanels-outlet.info
ozzd86fih4.online
skbdicat.xyz
cloggedpipes.net
ilsgroup.net
ptcnl.info
backstretch.store
maheshg.xyz
7b5846.online
Targets
-
-
Target
8447a77109db948caf2aeab8f22ecffb5fb15a83286c7894b0d9a06c48ed3e73
-
Size
1.1MB
-
MD5
61b68ed859f55e970b3b4b49e6aa3890
-
SHA1
0621ceca3448c427848777e383c9b9d9549fde21
-
SHA256
8447a77109db948caf2aeab8f22ecffb5fb15a83286c7894b0d9a06c48ed3e73
-
SHA512
1ead6f9dc9428d47aa9419dc6ba1c2f753806b93df893114e3baf06c067c78667b4ccb37af5554f626ddc84dd91ab21025346243df9cb6c9d34485b537b7a11f
-
SSDEEP
24576:DxmdOBUO2GqbAq+zyFGbTgV/S9MLk2zP38rkwuX+au+H:lnq8qGoIgGck2roNuX++
-
Formbook family
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-