General
Target: REVISED INVOICE DETAILS.rar
Size: 940KB
Sample: 210726-1x9wyxngan
MD5: bf6f5d6dd2f5109f0330db8b5f4e54e7
SHA1: e8dff94fbbc03a199dd7e190838bbbe9b8e02522
SHA256: 2da40a3eddfabf08bbf581329e88f79f4038e38edf8fbc7ce0f45d0ba9499a71
SHA512: 9eba90fed5031015d31ce2a760cd82494e0abf8d69b3b912e64c50e8dca7c7a6ec90887d77e932b6601ec1aeb1a07060ade936e5453bd121e93f0bb76ce32a33
Static task: static1
Behavioral task: behavioral1
Sample: REVISED INVOICE DETAILS.exe
Resource: win7v20210410
Malware Config
Extracted
formbook
4.1
http://www.fabricwarehousebrla.com/mjf5/
scxmarine.com
4week-keto-results.com
alllivesmattertojesus.info
stoxets.com
psm-gen.com
u2collect.com
steveandgail.com
dgemediagroup.com
ragsxghi.com
hirobasushinv.com
fcvlamingo.com
thebrownseaproject.com
achalaproductions.com
unstoppableinvesting.com
epay12303.com
polenmoda.com
pgpitagi.com
picksfacts.com
allhubph.com
negociandocomvocebr.com
faybless.club
rewardsdeliveryprogram.club
nigelpeoples.com
rishpure.com
agoncoutainville.com
electricskateboardbuilder.com
shoplify.net
meritroyal324.bet
spinvn.com
originoutfittersco.com
smokeandmirrorspdr.com
thebartley.com
mcatpreppackge.com
exsofts.space
revivalcastle.com
rhodeislandrealestatemarket.com
revkevindavenport.com
sascarrental.info
michellemiramontezcasa.com
smalltownnewspodcast.com
fantacylove.com
b2caffiliate.com
healthonlynutrition.com
destinationicehockey.com
kentaijiaoyu.com
sonsofencouragement.com
voiceuxlab.com
inspirasihebat.com
tanz-sport.com
newyorklifennuities.com
indiawalimaadrama.com
albaha-gate.com
p80shop.com
temptazar.club
wildesquirol.com
thinkbig-toystore.com
thebestweedkiller.com
imagepasal.com
suncomefc.icu
553865.com
titpervert.com
bizplaninfo.com
corporalfreddiestowers.com
la26eme.com
Targets
Target: REVISED INVOICE DETAILS.exe
Size: 1.2MB
MD5: f085c3358b59f0f7233e460816b9cffd
SHA1: 1fa9928211033fd8afadc910e5acbd608d2686d1
SHA256: ac4d23b56b2aac65756dafc7d6ff505ba986f40410370ca4c094f0530e399d79
SHA512: 88525849adc8ea59bf90a3e95d284b66514e24a955f059d1be29eab26e9d052d6dcd353668a3330055478b5c982ce508a8aa2aabe42dfc99979c9a4a70637d43
suricata: ET MALWARE FormBook CnC Checkin (GET)
CustAttr .NET packer: Detects CustAttr .NET packer in memory.
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext