General

Target: new order.zip
Size: 270KB
Sample: 210723-vrr2vq4amj
MD5: 3b6f6a22e98865547e031d4e82ac914f
SHA1: f8875d89a3b725558a9eaeb9cc123f6d2c0cc023
SHA256: 2297896d204fd9d613c91515b52d650754db875e530c4200fa19e9c2a6882544
SHA512: 41d69fbec1ce362a1db3e0371b922f8317ba66d8bc2b3b35d4f7254b6b2292cf21a34086ce25373e8f0ea93a61530ebe0bd64e02a0201151bb94495528ca6bab
Static task: static1

Behavioral task: behavioral1
Sample: new order.exe
Resource: win7v20210408
Malware Config

Extracted family: formbook
Version: 4.1
C2 URL: http://www.prospertraining.info/ymmi/
Domains in the extracted config (Formbook configs pad the live C2 with decoy domains belonging to unrelated, legitimate sites, so treat this list as a hunting pivot rather than a blocklist):
terrapotencia.com
issytosou.net
samankapan.com
zzxitang.com
iapple-uk.com
robertcollinsrealtor.com
theweehero.com
jyotisagar.net
powerbi.fitness
nuoyilm.com
modelsara.com
langvietco.com
aplusroofer.com
isabelacalaca.com
bearhawk.one
exporaoverseas.com
box-appliance.com
walkingfishvod.com
onlyqna.com
feed-parser.com
elegantloungebyjvs.com
expoviviendavirtualgto.com
forgetsticks.com
bloodandteethartwork.com
tinytrailers4bigadventures.com
anal-liza.com
nakopisebe.com
han-chun.com
battybanter.com
resctub.com
biogenesisammendments.com
rajkotpostaldivision.com
akcharconsulting.com
khanmochicaocap.com
albareeparts.com
globalhomeopharma.com
globetrotter-blog.com
vdvozknj.icu
montecitobeachtown.com
staticker.com
vehicleheroes.com
marbellelingerie.com
relocanada.com
nigiwai-bangbuathong-sainoi.com
fuvies.com
ccd-creative.com
weiziyun.net
mylocal.pro
waterbabyisr.com
carmenschmidt.com
culturedlittlehumans.com
amorimcapital.com
1800articles.com
localbaajaar.com
tt-bid.com
suttonbankdc.com
ccacademyofmusic.com
gasteless.com
kamalaharrisfanclub.com
shenyingsuwu.com
edelweissestates.com
wiserfinances.com
freeaitrainingonline.com
xn--ftft-lzabbb.net
Targets

Target: new order.exe
Size: 574KB
MD5: 383b8177e9f7c5e2d771d4bb5b4dd0fd
SHA1: 9ccb9fdcf54623c18fe39189fdb3fe0ff53d814a
SHA256: d47e0508ebe3d03a2fe75479c2a17b3cee5adc099facd5da777b9d090d010907
SHA512: fa98bf545af68c9b0a9fbec46a9e502d34978da627468574d36496b418af35b0996a5ee23a4fdde98aa46f90a83614b32815c405b96e6e96fbbba7b058480443
Signatures

suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Suspicious use of SetThreadContext (rewriting another thread's context is the hand-off step of process injection, consistent with Formbook executing from inside a legitimate host process)
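The following Python script is an added example, not part of the sandbox report above: it turns the extracted config and the file hashes into a small IOC matcher and runs it over constructed proxy-log lines. The C2 URL, the (partial) domain list and the SHA-256 values are copied from the report; the log format, the client addresses and every log line are constructed for the example. It separates a hit on the C2 host and its check-in path (actionable) from a hit on one of the config's decoy domains (a lead only), which is the distinction a blocklist built naively from the domain list would miss.

```python
"""IOC matcher built from the Formbook report above (added example, not part
of the report). C2 URL, config domains and SHA-256 values are copied from
the report; the proxy-log lines at the bottom are constructed."""
import hashlib
from urllib.parse import urlsplit

FORMBOOK_C2_URL = "http://www.prospertraining.info/ymmi/"

# Subset of the domain list from the extracted config. Formbook pads the
# real C2 with decoy domains of unrelated, legitimate sites, so a hit here
# is a hunting lead, not grounds for blocking.
CONFIG_DOMAINS = frozenset({
    "terrapotencia.com", "issytosou.net", "samankapan.com",
    "powerbi.fitness", "box-appliance.com", "xn--ftft-lzabbb.net",
})

# File hashes from the report: the delivery archive and the dropped exe.
KNOWN_SHA256 = {
    "2297896d204fd9d613c91515b52d650754db875e530c4200fa19e9c2a6882544": "new order.zip",
    "d47e0508ebe3d03a2fe75479c2a17b3cee5adc099facd5da777b9d090d010907": "new order.exe",
}


def strip_www(host):
    """Lower-case a hostname, drop a trailing dot and a leading 'www.' so the
    C2 host matches whether or not the client prefixed it."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


_C2 = urlsplit(FORMBOOK_C2_URL)
C2_HOST = strip_www(_C2.hostname)   # "prospertraining.info"
C2_PATH = _C2.path                   # "/ymmi/"


def classify_url(url):
    """Return 'c2' (C2 host under the configured path), 'c2_host' (C2 host,
    other path), 'decoy' (config domain or a subdomain of one) or None."""
    parts = urlsplit(url)
    host = strip_www(parts.hostname)
    if not host:
        return None
    if host == C2_HOST:
        # Formbook checks in (GET) and exfiltrates (POST) under this path.
        return "c2" if parts.path.startswith(C2_PATH) else "c2_host"
    if host in CONFIG_DOMAINS or any(host.endswith("." + d) for d in CONFIG_DOMAINS):
        return "decoy"
    return None


def scan_proxy_log(lines):
    """Parse constructed lines '<ts> <client> <method> <url> <status>' and
    return (verdict, client, method, url) for every line matching an IOC."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        _ts, client, method, url, _status = fields[:5]
        verdict = classify_url(url)
        if verdict:
            hits.append((verdict, client, method, url))
    return hits


def classify_hash(hexdigest):
    """Look a SHA-256 up in the report's hashes, case-insensitively."""
    return KNOWN_SHA256.get(hexdigest.strip().lower())


def sha256_hex(data):
    """SHA-256 of in-memory bytes, e.g. a file read, for classify_hash."""
    return hashlib.sha256(data).hexdigest()


SAMPLE_LOG = [  # constructed for this example, not taken from the report
    "2021-07-23T10:00:01Z 10.0.0.5 GET http://www.prospertraining.info/ymmi/?a=Zm9v&b=bar 200",
    "2021-07-23T10:00:02Z 10.0.0.5 GET http://prospertraining.info/robots.txt 404",
    "2021-07-23T10:00:03Z 10.0.0.5 GET https://cdn.issytosou.net/img/logo.png 200",
    "2021-07-23T10:00:04Z 10.0.0.7 GET https://www.example.com/ 200",
    "2021-07-23T10:00:05Z 10.0.0.7 POST http://www.prospertraining.info/ymmi/ 200",
]

if __name__ == "__main__":
    for verdict, client, method, url in scan_proxy_log(SAMPLE_LOG):
        print(f"{verdict:8s} {client} {method} {url}")
    print(classify_hash("D47E0508EBE3D03A2FE75479C2A17B3CEE5ADC099FACD5DA777B9D090D010907"))
```

Only the "c2" and "c2_host" verdicts justify blocking or isolating the client; "decoy" hits are worth a look because the same host also appearing in the config is unusual, but the domains themselves are legitimate and will produce benign traffic from unrelated users.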