General
-
Target
077869509# Invitation PQ Documents Submission QTN.pdf.exe
-
Size
492KB
-
Sample
210726-9me9896n7j
-
MD5
18fa8099b62e8f056fe58725632b860d
-
SHA1
34be165cd7bbf63732f599cccb666a0e3af3377e
-
SHA256
9316b9fe5a317761f719e6ee8602f20b356cde2e5e566fdec0a388dc390b2bd0
-
SHA512
eada997d7167c718a0d0154a269c1a9693cddad91e71055b93b3dc55cb08ad6df4e98c993fb0ed6475970306c5ab7bf46d66ebd1272226d777241021d646a876
Static task
static1
Behavioral task
behavioral1
Sample
077869509# Invitation PQ Documents Submission QTN.pdf.exe
Resource
win7v20210410
Malware Config
Extracted
formbook
4.1
http://www.headairload.com/jdge/
cungcaptapvu.com
lantianren.net
mydivorcepsychologist.com
bageurapparel.com
citydealmaker.com
historyegress.com
litekkutu.xyz
perksofkerala.com
flairmax.com
washingmachineservicerepair.xyz
organicbeauty.club
rehmazbeauty.com
goodgly.com
imtheonlyperson.systems
shbanjia199.com
mwfbd.com
halsonpipe.com
0927487.com
perfectpeachco.com
danielprok.com
townertoren.com
innerviewreflectionsofyou.com
fudgroups.info
ostfriesensuende.com
instafreefollowers.xyz
cryfortrade.com
wepavela.com
dwj-xj9bt.net
tiyujsqicai.com
chothuethietbiquayphim.com
behintejaratpourasa.com
thenotaryexperts.com
fncconline.com
poapay-com.xyz
nieght.com
tanheidl.com
storycraftinternational.com
freegunsafetytraining.com
latitudedaytonarealty.com
makeupheaven.club
fiathfirst.com
sonicdrovein.com
nationaltimesharerelief.com
crbhub.net
shopmocker.com
diversifiedhiring.com
angularjsacademy.com
jasoncordingleyart.com
healthybenefitsplustlus.com
vienkhopkhangbinh.asia
sstaylace.com
honolulumicroschools.com
zalihancehcp.net
cdnxsalty2.com
ylpsbla.com
bjcci.com
kingfisherwebsitesaustralia.com
distribuidoradetejados.com
xis-technology.com
yuthikaassociates.com
linqingxian.com
aimarshfly.com
simplydeliciouscooking.com
vyvelectricistas.com
Targets
-
-
Target
077869509# Invitation PQ Documents Submission QTN.pdf.exe
-
Size
492KB
-
MD5
18fa8099b62e8f056fe58725632b860d
-
SHA1
34be165cd7bbf63732f599cccb666a0e3af3377e
-
SHA256
9316b9fe5a317761f719e6ee8602f20b356cde2e5e566fdec0a388dc390b2bd0
-
SHA512
eada997d7167c718a0d0154a269c1a9693cddad91e71055b93b3dc55cb08ad6df4e98c993fb0ed6475970306c5ab7bf46d66ebd1272226d777241021d646a876
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-