General
Target: PROFORMA INVOICE - MV CNC BANGKOK - ST24PJ-287.exe
Size: 1.0MB
Sample: 240701-p2zrkswcnp
MD5: f44bc4e0027f0f44d75fed04b8416be2
SHA1: 70fffcae8382f82570ec5b8e0389e7378c5db522
SHA256: c019951411af4b89614d39e15b69e1798f267c54aebfe7e61852e4626bf00cbe
SHA512: 506d386d7fbd7506930017ba869573bb1e21762c002fb686740ef9cfd906459886fba519486600582f5ab903a958ddfeed81d5df92af6a16c2cc6951e34e9458
SSDEEP: 12288:5D9Q6t+p9J/s61NobMm1k4Wcqx9cpwtNHdlIoXcPANAe5WdNH6gsmxhgR6ZdEyGk:yoYck4JqncElfcINPewgsw26ZdxAx87
Static task: static1
Behavioral task: behavioral1
Sample: PROFORMA INVOICE - MV CNC BANGKOK - ST24PJ-287.exe
Resource: win7-20240221-en
Malware Config
Extracted: formbook 4.1 ps94
Targets
Target: PROFORMA INVOICE - MV CNC BANGKOK - ST24PJ-287.exe
- Formbook payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext