General
Target: rl_2e5525cdd195bdd98dec03232b881f204c9076cd73bb8acd92ca03fe22ea9527
Size: 1.1MB
Sample: 250701-jz97mstk12
MD5: 6a4b1e526f4546e81a6af3a68517d82b
SHA1: f9e8dd21efca8f96857175dee5e2c9eb443502f8
SHA256: 2e5525cdd195bdd98dec03232b881f204c9076cd73bb8acd92ca03fe22ea9527
SHA512: 542673974c7ae628d248d2b7335bd7784ef2808b5bd9dafb12b3fa549f961861516e24a4cd36f96191db8a903791aebcfabf9dc9fc8b515a00b09bde357a2348
SSDEEP: 24576:S5EmXFtKaL4/oFe5T9yyXYfP1ijXdaObqr4sCxJa:SPVt/LZeJbInQRaOwZq

Static task: static1

Behavioral task: behavioral1
Sample: rl_2e5525cdd195bdd98dec03232b881f204c9076cd73bb8acd92ca03fe22ea9527.exe
Resource: win10v2004-20250619-en
Malware Config
Extracted
formbook
4.1
le23
Targets
-
Formbook family
-
Formbook payload
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-