General
- Target: HSBC Payment Advice.img.exe
- Size: 847KB
- Sample: 240611-x7wk4syejm
- MD5: 738d8702bdea782a369275d66b3d9f26
- SHA1: a2f06af75a8dc383d7f26b5d3ec158147d600843
- SHA256: 1f981a828dbe0a4be4814f5f0af0f498ec09a1d4e1bbffd263bf708eeeb01c24
- SHA512: 2ae1d56cf8b07d97b800a72adf147fa2494772c250a08b367b4cc42f4b58deb84ccbf2ef4c58b5cdcd9f4fdb1a3e6aac949ce92034434cbe8f88c1a7721832f2
- SSDEEP: 12288:IpJ7zvBbg7lxsAg1DI+VMaY2ZYsYpf8TT2HQtSjI61cBXBRfEJQcnD4K0kR:Ip7g7l671DIE2sYR8TTQlABHu9
Static task
- static1
Behavioral task
- behavioral1 (Sample: HSBC Payment Advice.img.exe; Resource: win7-20240508-en)
Malware Config (extracted)
- Family: formbook
- Version: 4.1
- Campaign ID: mw62
- Domains:
abpdainik.in
luxuryprojectmalad.co.in
cajunbellebeauty.com
fpmfstudios.com
spedyz.shop
wilddogphotographics.com
apollomoda1.com
evrimciftciportfolio.com
99977bet.com
inefavel.com
mf85.com
online-doctor-nl-1.bond
zqi2lv.vip
thewebdesignhub.co
botwitter.com
18comic-palwoeld.club
loveweldpermanentjewelry.com
l3er39pc-gaywn6kv-d7fs4t7u.cc
31yoyogamestudio.com
yhvh.cloud
skechersoutlets-nz.com
elroyaldearagon.com
adamandcoco.com
xembonghay1.com
glasspanelrepair.com
epl317.top
lindacoledesign.com
brainfog.cloud
hermandaddelrociodecoria.store
capmozwork.com
hewqam.xyz
sullivanbusinessconsulting.com
justicefortrump2024.com
nhakhoasing.xyz
eldozz-draw.top
dasoak.top
estun.shop
2658jjj.buzz
replay77situs.co
therainbowpeoplejp.com
onartgo.com
imanse-impact-consultancy.com
feedsone.top
danielreinhold.com
tinytap.online
bactedes.website
xn--80akkrcheecblg.online
useliteacademy.com
growfrsh.cfd
texas.cyou
etca7575.online
samo-ai.com
baseresidents.xyz
nextmove.homes
larosacontracting.com
208001.com
hbkzle.shop
melbet-pakistan.com
remagrholod.store
airlinetickets.click
achievedisabilityservices.com
yourethevoicemusical.com
1aqx3s3y.shop
od93p9g5xwbk.xyz
dfrt.store
Targets
- Target: HSBC Payment Advice.img.exe
- Size: 847KB
- MD5: 738d8702bdea782a369275d66b3d9f26
- SHA1: a2f06af75a8dc383d7f26b5d3ec158147d600843
- SHA256: 1f981a828dbe0a4be4814f5f0af0f498ec09a1d4e1bbffd263bf708eeeb01c24
- SHA512: 2ae1d56cf8b07d97b800a72adf147fa2494772c250a08b367b4cc42f4b58deb84ccbf2ef4c58b5cdcd9f4fdb1a3e6aac949ce92034434cbe8f88c1a7721832f2
- SSDEEP: 12288:IpJ7zvBbg7lxsAg1DI+VMaY2ZYsYpf8TT2HQtSjI61cBXBRfEJQcnD4K0kR:Ip7g7l671DIE2sYR8TTQlABHu9
- Formbook payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Suspicious use of SetThreadContext