General
-
Target
cf4167c690383362c4b42ab32a0ee1ba.bin
-
Size
714KB
-
Sample
240613-ctgvksvcmp
-
MD5
73f46fd86fd3c45d9a0bc288a70b5729
-
SHA1
76a3b1dc60edf1b1200e559c05161edce8107f97
-
SHA256
e10fa6b88fa7020523f8ef4ff5cd3fbc8c9b09a389677ca9fc4792167a5ea431
-
SHA512
894f03f224c37348c88d4e88ba08e7dd613a46c0b9a0de6d484adbcbdd051051088f6a0cb5c57545850758438101c2845422811ee4d61dd59919d364877b21d7
-
SSDEEP
12288:zVyhHoRnMS4dyV8LLhtlKtDPfvUXQLEwdVvcJC8jMaZr+8sozWz9JnB5/vPyBncp:8HdS6GILhtUDPfvUXQwuUJcoqYzwzxyS
Static task
static1
Behavioral task
behavioral1
Sample
48e036467595c63c65d8640a84f4bcf9545a20a9ac2596e8e555a4126c4e7cf7.exe
Resource
win7-20240611-en
Malware Config
Extracted
formbook
4.1
dd20
Targets
-
-
Target
48e036467595c63c65d8640a84f4bcf9545a20a9ac2596e8e555a4126c4e7cf7.exe
-
Size
820KB
-
MD5
cf4167c690383362c4b42ab32a0ee1ba
-
SHA1
09a8e7792a20df75fc6c466c921c6e3fb1b92985
-
SHA256
48e036467595c63c65d8640a84f4bcf9545a20a9ac2596e8e555a4126c4e7cf7
-
SHA512
11174ee27f1b4b7ce870d13d4ddc3be5772b844b9a28baac78b467ab916a46ebc2cebfb938e5768a1a89a9d2f12fff24adf707144e9d10fe8f25888707ef126a
-
SSDEEP
12288:bwuD3HH3DI+Q9vAKJDnbEMNC2pWPHuHKzCFcqx8rO9Hl5eIcdAAykR:cujH3DIT94yCqEOwmx869hmAI
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-