General
Target: 0effded7966d1959e7451e0a68256df8eb5c320e9721b3f4b5e2d7aace8792cf.exe
Size: 720KB
Sample: 240612-sada2sygph
MD5: 271c1d8e6411be19170021ce4a896359
SHA1: 0948954a5aba126505fce12b4336f3f02ed14f5b
SHA256: 0effded7966d1959e7451e0a68256df8eb5c320e9721b3f4b5e2d7aace8792cf
SHA512: d2f887b96644707aa2e453e263f2b6ec0844801a483ad0888f2c3c6d83db01a2f3bb4ebb97ea2fa0ad8c9faa005d5aaca81c24b94ef253677cb3e50517a39f29
SSDEEP: 12288:00XyD3HH3DI+F0dlaflXIcF4kc+4IXQtYJvUKOzC3KyAxWkR:ZXyjH3DIPdMzak14Ig6JvUKMPywN
Static task: static1
Behavioral task: behavioral1
Sample: 0effded7966d1959e7451e0a68256df8eb5c320e9721b3f4b5e2d7aace8792cf.exe
Resource: win7-20240508-en

Malware Config
Extracted: formbook
Version: 4.1
Campaign: mw62
Targets
Target: 0effded7966d1959e7451e0a68256df8eb5c320e9721b3f4b5e2d7aace8792cf.exe (hashes as listed under General above)
- Formbook payload
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext