General

Target: Douane nécessaire.scr (French for "Customs required", a customs-themed lure; .scr is the Windows screensaver extension, which is an ordinary PE executable)
Size: 1.3MB
Sample: 210726-dcde794v3s
MD5: 02a16ecb920577998a4964a4eb9e2ad1
SHA1: 8b8d43fd5b6aa6c925bb8dd9beca3ec7d10aae58
SHA256: c327a9bad9c1f25d9da900eb60b3ef7a0387d232c30bebb4d8b4b1bb62e257fb
SHA512: 54b59deda69c278c9056ba294aa9549a47b9324e93c1735abf09231925d43a47830d45977d0b3250941d80d903e44b809cb2761de621bbc220d86e0793ea53be
Static task: static1

Behavioral task: behavioral1
Sample: Douane nécessaire.scr
Resource: win7v20210410
Malware Config

Extracted family: formbook
Version: 4.1
C2 URL: http://www.celinehair.com/e7hf/
Decoy domains (FormBook configs carry a list of decoy domains alongside the real C2; the URL above is the one the extractor flagged as C2, the domains below are the decoys from the same config):
miaozhunjingzhijia.com
mindplayva.com
vbetturkey.com
panevnyk.space
philiprankinemarketing.com
rosascleaningpros.com
nadersadek.info
2of237woodlandstreet.com
thegroomingdrs.com
cloudtrending.com
viajenscomcafe.com
medkomp.online
hohlola.com
ksremy.com
watermarkwpb.com
work4villageinn.com
pollmag.com
organizingbypaty.com
awakenwithrochelle.com
walcottstreetdental.site
newbethelneylandville.com
jam-nins.com
blue-elephant-indian.com
backyardpizzaiolo.com
patisseriefromparis.com
reachfleet.com
freedatarecovery.net
bkt18.com
auxvoilages-prive.com
jcc9999.com
localeclectric.com
seanhipkindesign.com
hnurses.com
suachuaotoquan8.com
actionboarddiversity.com
apipedemontana.info
biblechalktalk.com
hlv.kiwi
sortingyourlife.com
cvbcvsdqw.com
mexicoenruta.com
mentalidadparaemprender.com
tolerc.net
catchup-net.com
southwestsoaring.com
goldcastinglimited.com
knappsnews.com
advertmanagerbot.com
r6bproject.club
entonlineupdate.com
fiop.cat
denshicustoms.com
flittigstudent.net
spotadz.com
howecute.gifts
almisexpress.com
dogwayslancashire.com
toopaydropbox.com
simplyduplexes.site
citazionprocessingcenter.com
dijuyi.com
8668602.com
deshistories.com
minnesotaswishbasketball.com
Targets

Target: Douane nécessaire.scr (1.3MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures

- suricata: ET MALWARE FormBook CnC Checkin (GET). A network-level match on the HTTP GET check-in; correlate it with the C2 URL and decoy domains in the extracted config.
- CustAttr .NET packer: detects the CustAttr .NET packer in memory. The sample is wrapped in a .NET packer, so the unpacked FormBook payload lives in memory, not in the file on disk.
- Formbook Payload: the FormBook payload was identified, consistent with the config extraction above.
- Deletes itself: the original file is removed after execution, so on an infected host do not expect to recover the .scr from its original path; collect the injected process or a memory dump instead.
- Suspicious use of SetThreadContext: setting the context of a thread in another process is the usual last step of process hollowing or thread hijacking, where the hijacked thread's instruction pointer is redirected into injected code.
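How the extracted config and the Suricata GET check-in signature can be turned into a matcher for proxy logs, as an added example that is not part of the sandbox report. It assumes the behaviour generally documented for FormBook, that the bot beacons to the real C2 and to decoy domains with the same URI path (here `/e7hf/`), so a hit on a decoy with that path still indicates an infected host, while an IOC domain seen with an unrelated path is weak evidence (several decoys are ordinary, possibly compromised, sites). The log lines, the query strings, the log format and the function names are constructed for the example; the decoy list is a handful of entries from the page.

```python
"""Proxy-log IOC matcher built from the FormBook config above (added example)."""
from urllib.parse import urlparse

# Values taken from the extracted config on the page.
C2_URL = "http://www.celinehair.com/e7hf/"
# Only a few of the decoy domains listed on the page, to keep the example short.
DECOY_DOMAINS = [
    "miaozhunjingzhijia.com", "mindplayva.com", "vbetturkey.com",
    "panevnyk.space", "hlv.kiwi", "minnesotaswishbasketball.com",
]


def strip_www(host):
    """Drop a leading 'www.' so www.example.com and example.com compare equal."""
    return host[4:] if host.startswith("www.") else host


def c2_host_and_path(url=C2_URL):
    """Split the C2 URL into (host, uri path). The path is what FormBook reuses
    when it beacons to the decoys, so it is the strongest IOC in the config."""
    u = urlparse(url)
    return u.hostname.lower(), u.path


def ioc_domains():
    """Set of IOC domains: the C2 host (with and without 'www.') plus every decoy."""
    host, _ = c2_host_and_path()
    names = {host, strip_www(host)}
    names.update(d.lower() for d in DECOY_DOMAINS)
    return names


def host_matches(host, iocs):
    """True if host equals an IOC domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)


def classify(line, iocs=None):
    """Classify one line of the constructed log format
    '<timestamp> <client_ip> <method> <url> <status>'. Returns (verdict, host)
    or None. Verdicts, strongest first:
      c2-checkin    - the C2 host with the /e7hf/ path from the config
      decoy-checkin - a decoy domain with that same path (still implies infection)
      ioc-domain    - an IOC domain with an unrelated path (weak on its own)
    A matching path on a non-IOC host is deliberately not flagged: the path is
    only meaningful together with the domain list."""
    iocs = iocs if iocs is not None else ioc_domains()
    parts = line.split()
    if len(parts) < 5:
        return None
    u = urlparse(parts[3])
    if not u.hostname:
        return None
    host = u.hostname.lower()
    if not host_matches(host, iocs):
        return None
    c2_host, c2_path = c2_host_and_path()
    if u.path.startswith(c2_path):
        is_c2 = host_matches(host, {c2_host, strip_www(c2_host)})
        return ("c2-checkin" if is_c2 else "decoy-checkin", host)
    return ("ioc-domain", host)


def scan(lines):
    """Run classify over log lines; returns a list of (verdict, host, line)."""
    iocs = ioc_domains()
    hits = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        result = classify(line, iocs)
        if result:
            hits.append((result[0], result[1], line))
    return hits


# Constructed proxy log, not real traffic; the query strings are made up.
SAMPLE_LOG = """\
# constructed sample log
2021-07-26T10:00:01Z 10.0.0.5 GET http://www.celinehair.com/e7hf/?zd4=AAAA&sql=1 200
2021-07-26T10:00:02Z 10.0.0.5 GET http://www.vbetturkey.com/e7hf/?zd4=AAAA&sql=1 404
2021-07-26T10:00:03Z 10.0.0.5 GET http://hlv.kiwi/e7hf/?zd4=AAAA&sql=1 200
2021-07-26T10:00:04Z 10.0.0.7 GET http://www.celinehair.com/about.html 200
2021-07-26T10:00:05Z 10.0.0.7 GET http://cdn.example.net/e7hf/x.js 200
2021-07-26T10:00:06Z 10.0.0.9 GET http://mail.mindplayva.com/ 200
"""

if __name__ == "__main__":
    for verdict, host, line in scan(SAMPLE_LOG.splitlines()):
        print(f"{verdict:14} {host:28} {line}")
```

The three hosts 10.0.0.5, 10.0.0.7 and 10.0.0.9 come out differently on purpose: the first shows the real check-in plus two decoy beacons with the same path, the second only ordinary browsing to the C2 domain, the third a subdomain of a decoy. Only the first should page an analyst; the other two are leads to correlate with the rest of the C2 list, and the `cdn.example.net` line shows why the path alone is not an indicator.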