General
Target: 271JaJbQjMLGbcc.exe
Size: 667KB
Sample: 250610-tgnk2azqw5
MD5: 17043ee76cd32800262fa06cfc3ac690
SHA1: 0f11ac97736fb42fd30d6c4abf1da4549e8f0101
SHA256: 6781be8abda50b0cc7d27b9466f7b39572f978cf16151092554e7b4557f0ac06
SHA512: 0ec8c106a4d55deee49da8a9696f36cbcfb55872d0d2e982416be34ab7e81faa2b2c12f86575e195093d24b78978691c4c242fe7bdf1ab728a68bf92b57d31d7
SSDEEP: 12288:disP8yffxahqfDGZW17k0+YHPEd8MwP0WAra3OjuBGy1kuOEXuVjCqfkR:n8yffxQqbuWZk9DNWAr6u+3OCq6
Static task: static1
Behavioral task: behavioral1
Sample: 271JaJbQjMLGbcc.exe
Resource: win10v2004-20250502-en
Malware Config (extracted)
Family: formbook
Version: 4.1
Campaign: hi26
Domains:
ctopeaux.shop
isui.shop
huangyusij.top
tsgfa.lol
bcjpp.top
ccess1logsmexico.lat
6vhv7.vip
3i1mp.vip
isy.art
rterracaudill.today
377278d.app
izoc.xyz
guiwe.xyz
81rwp.vip
hi8t3b5a3.shop
omnerror.shop
hm6l1w9o5.shop
saondemandswag.net
sig.xyz
andbags-48525.bond
536a.top
dmiralx-oid.top
amefdsgs.click
leekhoodie.shop
atxjysrwm9.xyz
l6.top
hsbxt.top
377688d.app
om-etcdyl.vip
raaline.shop
fxgjb.vip
iobet5568.buzz
3148dhssr.cfd
c736.top
ao23.top
yupas.xyz
low-bloom.shop
9kwe.top
g86mb.cfd
hkwk0.vip
rn18m.vip
vpgwm.cfd
q0xmh.vip
4wdlhwuzw.xyz
b54f.top
lectric-cars-99334.bond
cac.team
6861.computer
aupure.shop
ealvizcaya.casa
jzyzx.top
lmaron.pro
388789.xyz
einticincotreintauno.net
756102928.cfd
implezzz.shop
73g48u.top
ccluskey.top
owellpublications.net
uto.top
5a2yq.vip
rkadastop.bond
mart-lex.net
ky5way.pro
aplayplinko.xyz
Targets
Target: 271JaJbQjMLGbcc.exe
Size: 667KB
MD5: 17043ee76cd32800262fa06cfc3ac690
SHA1: 0f11ac97736fb42fd30d6c4abf1da4549e8f0101
SHA256: 6781be8abda50b0cc7d27b9466f7b39572f978cf16151092554e7b4557f0ac06
SHA512: 0ec8c106a4d55deee49da8a9696f36cbcfb55872d0d2e982416be34ab7e81faa2b2c12f86575e195093d24b78978691c4c242fe7bdf1ab728a68bf92b57d31d7
SSDEEP: 12288:disP8yffxahqfDGZW17k0+YHPEd8MwP0WAra3OjuBGy1kuOEXuVjCqfkR:n8yffxQqbuWZk9DNWAr6u+3OCq6
Formbook family
Formbook payload
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Uses the VBS compiler for execution
Suspicious use of SetThreadContext