General
-
Target
Sigmanly_d8c0f4739b6a46ee8c46a6af4622158b9a866b6eabd1dd6a88228856520b714d
-
Size
617KB
-
Sample
250326-pcb9zs1zaz
-
MD5
5d917b070d148e8c043a3df37d8d0d6f
-
SHA1
75cd40a178208432228ce736a5c4eb35b2d89b44
-
SHA256
d8c0f4739b6a46ee8c46a6af4622158b9a866b6eabd1dd6a88228856520b714d
-
SHA512
cff6b80d91e5577aaf3194256006042db1397b473a1fbdc98337ff98dd1a553bbb920c8c3c663e24949b49d545ef1c39c4024fcdf0b5e5d9d52717bf01b43081
-
SSDEEP
12288:qPFY/Bdue1pIemCBnH6h+/wfktcLkdseWQnYK7u4XFBbHovTY26:qPFG31XV0+/wfbkd37YK7u418TW
Static task
static1
Behavioral task
behavioral1
Sample
Sigmanly_d8c0f4739b6a46ee8c46a6af4622158b9a866b6eabd1dd6a88228856520b714d.exe
Resource
win7-20250207-en
Malware Config
Extracted
formbook
4.1
my18
Targets
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofencing check.
-
Suspicious use of SetThreadContext
-