General
- Target: 16a2b3061782b0036be569ceed52e9e9
- Size: 646KB
- Sample: 250701-f76bwa1tgw
- MD5: 16a2b3061782b0036be569ceed52e9e9
- SHA1: e6d3c63fc774ae4c5fc63250e93f74a010b854a8
- SHA256: f885bec399f4f6b5fb2715ad04fab2e7c7c39f9b47c8ed00fdecacc15d50fd63
- SHA512: dc727ab8d1e2ca09031e9cf088476b1e4b40fa1397bbafb688f3bc2eb789eb9c34568131f9ce45afc16884930b2f15ffac9a2aee2fcdf437c4d6d22ff1679cc1
- SSDEEP: 12288:hpyilzab9q3TTOkMKaIbLpKqRrc45tgY5cGCugmug50n7vseRo16imrs:Hyilzah4tbNKqJcWgscGCuFBkoeRO6
Static task: static1

Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: k15k
- Decoy domains (65 entries, kept exactly as the extractor reported them):
1wintop.buzz
mqcbmtahd.shop
ranchiseclub.website
ravessia.tech
eayqe.info
ackageprocessing.info
itheaven.fit
hifamart.xyz
nvesting-courses-87236.bond
earchthebox.today
efpatvkwzfc.top
hebalancedme.info
ebalance.group
ynq.run
otizie247.club
lexcallagee.news
efiairdrop.pro
ovcjc.info
aintreasurestudio.shop
45pr460vcd.shop
etvia.shop
ink6planetbola88.xyz
om-ioiakwd.top
wadci.top
hvwfhtstaoatkpuxwfw.shop
crollthemes.net
ojablink.shop
uxfpe.info
irtyhandscleanmoney.net
utocreditosfacil.today
oweogm.xyz
ghfda.xyz
aribetascanio.net
xquisiteitemspalace.shop
zfkudqt.top
4pro.fit
by-beamup.club
ental-implants-51371.bond
ut-there.studio
avada-qbs5.top
kzkasaza.cfd
elegrmaea.today
log58intobest.shop
epression-treatment-89930.bond
oroscope-22233.bond
heeztsup.top
ravelforjoy.xyz
atarpostss.top
log100existsbest.shop
elationship-coach-11100.bond
7677578.xyz
efpahppzjgq.top
ikes-price-check-2025.today
452368.top
eristgqlk.info
tuddwyoungedward.shop
ungjyrovjqhoqzu.shop
stanbulescortgaze.pro
anadineroporgestionarmails.info
tellartreasurehaven.shop
arketsotcx.biz
aytek.pro
om-gn95.cfd
-desk.top
lt-mpo338.shop

Note on the decoy list: Formbook embeds its real C2 hostname among a long list of decoy domains, and the sandbox labels the whole list as decoys, so no single entry above can be treated as a confirmed C2 on this evidence alone. Several entries also appear to have lost their first character during extraction (for example "-desk.top", "ental-implants-51371.bond", "epression-treatment-89930.bond"); they are reproduced as reported and should be handled as partial indicators rather than exact hostnames.
Targets
- Target: 16a2b3061782b0036be569ceed52e9e9 (646KB; same file and hashes as listed under General)
Signatures
- Formbook family
- Formbook payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that its own files and processes are not scanned.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence that decides whether the payload runs on this machine.
- Suspicious use of SetThreadContext
  Rewrites a thread's execution context, a step commonly seen in process hollowing and other code-injection techniques.
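An added example (not code from the sandbox report, the sample, or the Formbook authors) showing how a detection engineer can hunt for the Defender-exclusion behaviour flagged above in endpoint telemetry. It scans process-creation style records for Add-MpPreference / Set-MpPreference calls that use the exclusion parameters the signature names (extensions, paths, processes), and decodes -EncodedCommand payloads first so base64-wrapped commands are not missed. The log format and the records are constructed for this example; the cmdlet and parameter names are the real Windows Defender ones, but this sample's actual command line is not shown in the report and is not assumed here.

```python
"""Detect PowerShell that adds Windows Defender exclusions.

Added example, not code from the sandbox report. It scans constructed
process-creation style log lines (the record format is made up for this
example) for Add-MpPreference / Set-MpPreference calls that use the
exclusion parameters named in the report: extensions, paths and processes.
Commands wrapped in -EncodedCommand (base64 of UTF-16LE text) are decoded
first so they are not missed.
"""
import base64
import re

# Cmdlets that change Defender preferences.
CMDLET_RE = re.compile(r"(?i)\b(?:Add|Set)-MpPreference\b")

# PowerShell accepts any unambiguous parameter prefix, so match the shortest
# prefix that still separates the three exclusion parameters from each other
# and from -ExclusionIpAddress.
EXCLUSION_PATTERNS = {
    "ExclusionExtension": re.compile(r"(?i)-ExclusionE\w*"),
    "ExclusionPath":      re.compile(r"(?i)-ExclusionPa\w*"),
    "ExclusionProcess":   re.compile(r"(?i)-ExclusionPr\w*"),
}

# -EncodedCommand and its accepted abbreviations, followed by the base64 blob.
ENCODED_RE = re.compile(r"(?i)[-/](?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")


def expand_encoded_commands(cmdline: str) -> str:
    """Append the decoded text of every -EncodedCommand payload to cmdline."""
    decoded = []
    for blob in ENCODED_RE.findall(cmdline):
        try:
            decoded.append(base64.b64decode(blob, validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):  # not valid base64 / not UTF-16LE text
            continue
    return cmdline if not decoded else cmdline + " " + " ".join(decoded)


def defender_exclusions(cmdline: str) -> list[str]:
    """Return the kinds of Defender exclusion a command line adds, in a fixed order.

    An actual *-MpPreference cmdlet is required, so a stray '-ExclusionPath'
    string (for example inside a Write-Host argument) does not fire on its own.
    """
    text = expand_encoded_commands(cmdline)
    if not CMDLET_RE.search(text):
        return []
    return [kind for kind, pat in EXCLUSION_PATTERNS.items() if pat.search(text)]


def scan_log(lines: list[str]) -> list[tuple[str, list[str]]]:
    """Return (pid, exclusion kinds) for every record that adds an exclusion."""
    hits = []
    for line in lines:
        head, sep, cmdline = line.partition(" cmdline=")
        if not sep:
            continue  # not a process-creation record in the constructed format
        pid = re.search(r"pid=(\d+)", head).group(1)
        kinds = defender_exclusions(cmdline)
        if kinds:
            hits.append((pid, kinds))
    return hits


# Constructed sample records (not from the sandbox run). The third one wraps
# its command the way droppers commonly do, as base64 of UTF-16LE text.
_ENCODED = base64.b64encode(
    "Add-MpPreference -ExclusionProcess 'svchost.exe'".encode("utf-16-le")
).decode()

SAMPLE_LOG = [
    "2025-07-01T12:00:01Z host=WS01 pid=4100 image=powershell.exe cmdline=powershell.exe -NoProfile -Command Get-Date",
    "2025-07-01T12:00:02Z host=WS01 pid=4112 image=powershell.exe cmdline=powershell.exe -Command \"Add-MpPreference -ExclusionPath C:\\Users\\Public -ExclusionExtension .exe\"",
    f"2025-07-01T12:00:03Z host=WS01 pid=4120 image=powershell.exe cmdline=powershell.exe -w hidden -enc {_ENCODED}",
    "2025-07-01T12:00:04Z host=WS01 pid=4131 image=powershell.exe cmdline=powershell.exe -Command \"Set-MpPreference -ExclusionPa 'D:\\tools'\"",
    "2025-07-01T12:00:05Z host=WS01 pid=4140 image=powershell.exe cmdline=powershell.exe -Command \"Write-Host '-ExclusionPath is a Defender parameter'\"",
]

if __name__ == "__main__":
    for pid, kinds in scan_log(SAMPLE_LOG):
        print(f"pid {pid}: adds Defender exclusions {', '.join(kinds)}")
```

On a real estate the same logic applies to Sysmon Event ID 1 or Security 4688 command lines and to PowerShell script-block logs (Event ID 4104); the prefix matching matters because PowerShell accepts abbreviated parameter names, and the cmdlet requirement keeps plain mentions of the parameter names from alerting.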