General

Target: PAYMENT INVOICE.exe
Size: 262KB
Sample: 210723-fxze2d52ps
MD5: c0b8d4d9bfa8808071e03ac2697bf7c4
SHA1: e38e53363ec6830a90a4bc41aec9dd3e64bc427d
SHA256: 644b959318e7825454d8cdd4af75ddeb489c94a7754da360d4cd155bccc3a669
SHA512: 5c3d62707fa005ee424dc780bd00001e2046673b158763f59f780136fe3f00a6c105851982443935f0857cc937a9fe881fd889af7f563dce4bc07b420e05c19c
Static task: static1
Behavioral task: behavioral1
Sample: PAYMENT INVOICE.exe
Resource: win7v20210408
Malware Config

Extracted
Family: formbook
Version: 4.1
C2: http://www.hyattregencywesthanoi.com/ltrg/
Decoy domains (the remaining entries of the extracted config; FormBook contacts a random subset of these with the same URI path as the real C2, and the domains themselves are legitimate sites, so a hit on one of them is an indicator only when it carries the campaign path):
showmodetail.com
handhcleaningservice.com
intunemem.xyz
emmystudios.com
mycarfromdubai.com
thereisanidea.com
elearingtoronto.com
summer-coins.site
stripsource.com
sweetlabradorhome.com
fulltrip.site
vickysstudio.com
paradoro.com
bjyongju.com
mcpuck.net
greenteamnagaland.com
plantbased.fitness
xn--sh1bt2ak0q10a918a.com
buyhappylife.com
mohytsrivastava.com
thebugzapper.info
onehitwonderthemusical.com
chrisandanutara.com
herschellawhorn.com
mgptl.com
ynpingou.com
realestatefirsts.com
fitjasper.com
rugpat.com
cinderellamulder.com
mivinow.com
eleconomistadomestico.com
metromillworksok.com
socialadwork.net
atahualta.com
rivercitygoldens.com
soflohomeservices.com
mareedi.com
hamarakisan.com
bristol360photographer.com
shitchinadoes.com
talesbysage.com
sanesan.com
wellbeingfoundry.com
itsn-u.com
hopelifecoachingcenter.com
trrnn.com
olivettaturkishrestaurant.com
6882331.com
scentsera.com
tabakashi.com
canmoum.com
gokkas.com
kallenmarblesandgranites.com
xn--ekrq20f.net
limitadmedia.com
thientudia.com
borderscommission.net
katicart.com
myhubora.com
skid0s.com
wsnegocios.com
taktauidea.com
electramobility.net
Targets

Target: PAYMENT INVOICE.exe (262KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)

Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET): the sandbox network capture matched the Emerging Threats rule for FormBook's GET-based check-in to its C2.
- Formbook Payload: the FormBook stealer payload was identified in memory or on disk.
- Downloads MZ/PE file: the sample fetched an executable (MZ/PE header) during the run.
- Suspicious use of SetThreadContext: the sample rewrote another thread's context, which is how process injection of the kind FormBook uses to run inside a legitimate process redirects execution; treat it as an injection indicator, not a benign API use.
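The config and hashes above become useful only once they are turned into checks. The block below is an added example, not part of this sandbox report or of any vendor tooling: it parses the flattened "Malware Config / Extracted" block in the form it takes on this page (family, version, C2 URL, then decoy domains), grades URLs from a constructed proxy log against that config, distinguishing the real C2 from decoy hits with and without the campaign path, and verifies a file against the four digests from the General section. The proxy-log format and its lines, and the function names, are assumptions made for the example; only three of the page's 64 decoys are embedded, and the full list parses the same way.

```python
"""Turn this report's extracted FormBook config and file hashes into checks.

Added example, not part of the sandbox report or of any vendor tooling. The
proxy-log format and contents and the function names are assumptions.
"""
import hashlib
from urllib.parse import urlsplit

# Excerpt of the config block exactly as the page lists it: family, version,
# C2 URL, then decoy domains (3 of the page's 64 decoys; the full list parses
# the same way).
CONFIG_TEXT = """\
formbook
4.1
http://www.hyattregencywesthanoi.com/ltrg/
showmodetail.com
handhcleaningservice.com
intunemem.xyz
"""

# File hashes from the General section of the report.
SAMPLE_HASHES = {
    "md5": "c0b8d4d9bfa8808071e03ac2697bf7c4",
    "sha1": "e38e53363ec6830a90a4bc41aec9dd3e64bc427d",
    "sha256": "644b959318e7825454d8cdd4af75ddeb489c94a7754da360d4cd155bccc3a669",
    "sha512": "5c3d62707fa005ee424dc780bd00001e2046673b158763f59f780136fe3f00a6c105851982443935f0857cc937a9fe881fd889af7f563dce4bc07b420e05c19c",
}

# Constructed proxy log (ASSUMED format: time, client, method, URL, status).
PROXY_LOG = """\
2021-07-23T10:04:11Z 10.0.0.5 GET http://www.hyattregencywesthanoi.com/ltrg/?id=example 200
2021-07-23T10:04:13Z 10.0.0.5 GET http://www.showmodetail.com/ltrg/?id=example 404
2021-07-23T10:05:02Z 10.0.0.9 GET http://intunemem.xyz/ 200
2021-07-23T10:05:40Z 10.0.0.7 GET http://example.com/index.html 200
"""

def normalize_host(host):
    """Lower-case a hostname, drop a trailing dot and a leading 'www.'."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def parse_config(text):
    """Line 1 family, line 2 version, line 3 C2 URL, rest decoy domains."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3:
        raise ValueError("config block needs family, version and C2 URL")
    c2_parts = urlsplit(lines[2])
    return {
        "family": lines[0],
        "version": lines[1],
        "c2": lines[2],
        "c2_host": c2_parts.hostname,
        "c2_path": c2_parts.path or "/",
        "decoys": lines[3:],
        "decoy_set": {normalize_host(d) for d in lines[3:]},
    }

def classify_url(url, cfg):
    """'c2': the real C2 host. 'decoy-beacon': a decoy hit on the campaign
    path (FormBook beacons to a random subset of its decoys with the same
    path as the real C2, so this is still attributable). 'decoy-domain': a
    decoy without that path; the decoys are legitimate sites, so on its own
    this is only a weak hint. None: unrelated."""
    parts = urlsplit(url)
    host = normalize_host(parts.hostname)
    path = parts.path or "/"
    if host == normalize_host(cfg["c2_host"]):
        return "c2"
    if host in cfg["decoy_set"]:
        return "decoy-beacon" if path.startswith(cfg["c2_path"]) else "decoy-domain"
    return None

def scan_proxy_log(log_text, cfg):
    """Return (verdict, url) for every log line that touches the IOC set."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip rather than guess a URL
        verdict = classify_url(fields[3], cfg)
        if verdict:
            hits.append((verdict, fields[3]))
    return hits

def verify_hashes(data):
    """Check bytes against the report's four digests; all four must agree."""
    return {name: hashlib.new(name, data).hexdigest() == digest
            for name, digest in SAMPLE_HASHES.items()}

if __name__ == "__main__":
    config = parse_config(CONFIG_TEXT)
    for verdict, url in scan_proxy_log(PROXY_LOG, config):
        print(f"{verdict:13s} {url}")
```

Run against a real proxy export, the two verdicts worth paging on are "c2" and "decoy-beacon"; "decoy-domain" hits should only raise the priority of a host that already has one of the other two, since the decoy list is made of ordinary web sites that users may visit for legitimate reasons. `verify_hashes` is the pre-analysis check that the file on your bench is the one this report describes; any single False means it is not.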