General
-
Target
REVISED INVOICE DETAILS.exe
-
Size
1.2MB
-
Sample
210726-layc6lre9n
-
MD5
f085c3358b59f0f7233e460816b9cffd
-
SHA1
1fa9928211033fd8afadc910e5acbd608d2686d1
-
SHA256
ac4d23b56b2aac65756dafc7d6ff505ba986f40410370ca4c094f0530e399d79
-
SHA512
88525849adc8ea59bf90a3e95d284b66514e24a955f059d1be29eab26e9d052d6dcd353668a3330055478b5c982ce508a8aa2aabe42dfc99979c9a4a70637d43
Static task
static1
Behavioral task
behavioral1
Sample
REVISED INVOICE DETAILS.exe
Resource
win7v20210410
Malware Config
Extracted
formbook
4.1
http://www.fabricwarehousebrla.com/mjf5/
Targets
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-