General
Target: TT-BankInfo-1-2021.pdf.exe
Size: 761KB
Sample: 210723-z7b1l3h83e
MD5: 7b0351ec874b11dd49c53ba8bfc300a0
SHA1: c7b310143c30e86aed7b42025d336d872b199eb5
SHA256: 9efbf9cd19545210fd864fe446181134dda3703fd834b3b4ffeca2b55a11f6dd
SHA512: bc1bcb17bd00343ad6acfb26d5047bfc34d22f3f2362f62111ec9e93d9117a84c669ce30c2841b70e82361b4296c778a5ee724591a5512829a3c208111d50bb5
Static task: static1
Behavioral task: behavioral1
Sample: TT-BankInfo-1-2021.pdf.exe
Resource: win7v20210410
Malware Config
Extracted: formbook (version 4.1)
http://www.vcxpkbg.icu/d5y/
Targets
Target: TT-BankInfo-1-2021.pdf.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext