General
- Target: New Order Request for Offer.exe
- Size: 837KB
- Sample: 250204-p8sa3syken
- MD5: db6dfd16b1ac39947a9063aa6326bf43
- SHA1: e03b5175355d7c413111e23b7fdaa5c84d563ec1
- SHA256: 7157f19969ea92bb660c62b91144ca8be1d6f1631252c7d1f7125fd957a1cde6
- SHA512: 3a21778799366577d05001f1936087a6de552844c9c0ceb43bf2f5b12d0d476299606d1718e08e91a620fcd4598fc65c2ef080b8bad567ba540e19171da876ff
- SSDEEP: 24576:A86weWVAgchq2p7PH9Kb61xFYJH63h/eZ:ABwnAxh7pxm616U9e
Static task: static1
Behavioral task: behavioral1
- Sample: New Order Request for Offer.exe
- Resource: win7-20240903-en
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: k15k
- Domains:
herise.charity
esign-creafactory.store
ldjo.info
9603.pizza
nmap.biz
agnacavalcante.shop
iversidepumpmfg.shop
bcpoz.xyz
lange.store
nfovps.net
ihlj.info
uxury29.net
mergence.fun
oftware-download-49753.bond
amblingsystems.info
tpkoinhoki88.xyz
adecepuffbar.net
emorymakers.travel
azurite.icu
nstantquote.xyz
ilitv.tech
epression-test-87241.bond
ghu9.sbs
retleben.info
illas-in-dubai-prices.today
enri-mahalo.shop
rbd.lat
altyandunhinged.net
pioux.xyz
utletpopular.online
lluminos.pro
ocacho.net
bail.info
videncebased.xyz
osmossa.store
mjsggg5716.shop
ompasnesia.online
arthlyspirit.store
ofl.xyz
onin.fun
ollagenfrdiehaut707680.icu
yrshire.xyz
ruxmarket.store
martphones-33953.bond
ahnsteigfinancial.info
ocusup.xyz
06ks10.buzz
uantumbulletx.world
ortal-bahianews.online
arehouse-inventory-38840.bond
xpj.lat
nthenews.xyz
i-tools-79746.bond
owel.blue
ayapayme.info
nline-gaming-48960.bond
enrysmithfoundation.net
abay.xyz
gathachristie.xyz
ov730167x.vip
rump454647.shop
amin.tel
commerce-66831.bond
axit.xyz
ourindexsicav.net
Targets
- Target: New Order Request for Offer.exe
Signatures
- Formbook family
- Formbook payload
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext