General
-
Target
invoice.lzh
-
Size
530KB
-
Sample
210723-w1sb7hv9te
-
MD5
d8135073743eead59a3ecde61bf051ca
-
SHA1
11a89d02e31a429b48295da8cd1c760a7ceae38d
-
SHA256
b506bb786b2b45d252f9886ad94e63cb60b60544dade0680b096f80c84cada7a
-
SHA512
15fe12c916712fab35377a7459da35624b5ed3d218c0bb7beab17a932a1883a333e0679122ce70130278d34dba9fc2d2033c8cec4024646bd73ab8702b28210b
Static task
static1
Behavioral task
behavioral1
Sample
invoice.lzh.exe
Resource
win7v20210408
Malware Config
Extracted
formbook
4.1
http://www.knighttechinca.com/dxe/
sardarfarm.com
959tremont.com
privat-livecam.net
ansel-homebakery.com
joysupermarket.com
peninsulamatchmakers.net
northsytyle.com
radioconexaoubermusic.com
relocatingrealtor.com
desyrnan.com
onlinehoortoestel.online
enpointe.online
rvvikings.com
paulpoirier.com
shitarpa.net
kerneis.net
rokitreach.com
essentiallygaia.com
prestiged.net
fuerzaagavera.com
soukid.com
moderndatingcoach.com
mentalfreedom.guru
bullishsoftware.com
sectorulb.com
outletyana.com
fptplaybox.website
artinmemory.com
buyruon.com
ljd.xyz
mondaysmatters.com
spiritsoundart.net
ixiangzu.com
lacompagniadelfardello.com
bnctly.com
sarasvati-yoga.com
0055game.com
lagrangewildliferemoval.com
umlausa.com
chaytel.com
kkkc5.com
union-green.com
philreid4cc.com
theanimehat.com
redlightlegal.com
myaustraliarewards.com
barkinlot.com
mujahidservice.online
nugeneraonline.com
sopplugin.com
makemyroom.design
ferienschweden.com
fps2020dkasphotoop.com
stylezbykay.com
royalpropertiesgurugram.com
birzulova.com
cosmicmtn.com
kissanime.press
poweringprogress.today
omsamedic.com
drunkpoetsociety.com
hostbison.com
asapdecor.com
houseofsisson.com
Targets
-
-
Target
invoice.lzh
-
Size
530KB
-
MD5
d8135073743eead59a3ecde61bf051ca
-
SHA1
11a89d02e31a429b48295da8cd1c760a7ceae38d
-
SHA256
b506bb786b2b45d252f9886ad94e63cb60b60544dade0680b096f80c84cada7a
-
SHA512
15fe12c916712fab35377a7459da35624b5ed3d218c0bb7beab17a932a1883a333e0679122ce70130278d34dba9fc2d2033c8cec4024646bd73ab8702b28210b
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-