General
Target: HSBC26072021-C2010004V2.ace
Size: 949KB
Sample: 210726-ldnpbdbdds
MD5: 31c1b980298e6795c742a59ee3def9b6
SHA1: 552bac2ee56aeb64e56a114e3d004e57484e822b
SHA256: d41352472768143aa9f566f7e8ee45f9e740e0873a8cc0b46786149f9fc73bcf
SHA512: ca636978183932b38e2f08c38d302f7ce15aa1634a276179adb493b615d3ce4412f707246d92b643629bac2abd8830775ade8917e5855833fe514e9a91afa70e
Static task: static1
Behavioral task: behavioral1
Sample: HSBC26072021-C2010004V2.exe
Resource: win7v20210408
Malware Config
Extracted
Family: formbook
Version: 4.1
Network configuration (the first entry is the only one carrying a URI path, /nmks/; the remaining entries are bare domains):
http://www.cryptoinhindi.online/nmks/
sunaoto.net
uddeshyaheen.com
memesyndicste.com
wellnessbytanyabawa.com
winabeel.com
santabirria.com
whatmattersindia.com
3rdimultimedia.com
koukismile.com
hellobabymoccs.com
marziehmakeup.com
faiyou.com
redbarnprovisions.com
odmgl.com
usevino.xyz
csyczp.com
gutfeelings.club
coscos.xyz
moodoo.icu
thedarktechnician.com
weebwrld.com
wilsonmantels.com
biodrains.com
banqutstaff.com
solomonislandsforum.com
yolo-wear.com
everylastdropinc.com
dayblindstarstrategies.com
freelancersarabia.com
bellasnicolejewelrymd.com
oscarh.net
actevate.xyz
apa168.com
paintonpurposeofficial.com
hrvatskepraviceblog.com
tednme.com
truverity.study
militarynotary.com
advancedhorticulture.com
bookmyfreelancer.online
nieght.com
yabancidiziozetleri.net
bkoclchain.com
ahwaday.com
yandex-deliverry.online
electronichaven.today
islamidesign.com
lagerungen.com
uneducatedbyamerica.com
78500605.xyz
taichiforwellbeingonline.com
philipsima.com
ezljdah.com
ajonesconsulting.com
finrowacademy.com
securitybyicon.com
craveroots.com
ppneumatic.com
neiretec.com
amazonemea.xyz
3dpraclabs-virtual-physics.com
fitnesstrainingco.com
brsconsortuimltd.com
rapiddist.com
FormBook configurations carry the real command-and-control host together with a list of decoy domains that the bot also contacts, so a request to one of these domains in proxy logs is evidence of this sample's beaconing, not evidence that the domain itself is attacker-controlled. Use the list for detection and correlation, not directly as a blocklist.
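The following is an added example of how a responder would turn the extracted configuration above into a detection over proxy logs; it is not part of the sandbox report or of any vendor tooling. It uses only a subset of the domain list to stay short, and the log lines are constructed for the example. It treats a request to any listed domain with the /nmks/ path as beacon-shaped, on the assumption (consistent with FormBook's known behaviour, but not stated in the report) that the bot uses the same URI path against every domain in its list; a hostname-only match is reported separately because it may just be ordinary browsing to a decoy domain.

```python
import re
from urllib.parse import urlparse

# Extracted FormBook network configuration, copied from the report above.
# The first entry is the only one with a URI path; the rest are bare
# domains. Only a subset of the full list is reproduced here.
CONFIG_ENTRIES = [
    "http://www.cryptoinhindi.online/nmks/",
    "sunaoto.net",
    "uddeshyaheen.com",
    "memesyndicste.com",
    "wellnessbytanyabawa.com",
    "winabeel.com",
    "rapiddist.com",
]


def _normalize_host(host):
    """Lowercase a hostname and strip a leading "www." so that config
    entries and log URLs compare equal regardless of that prefix."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def parse_config(entries):
    """Split the extracted config into the check-in path and a host map.

    Returns (path, domains): `path` is the URI path carried by the full URL
    (None if no entry has one) and `domains` maps each normalized hostname
    to the raw config entry it came from.
    """
    path = None
    domains = {}
    for entry in entries:
        if "://" in entry:
            parsed = urlparse(entry)
            path = parsed.path
            host = parsed.hostname
        else:
            host = entry
        domains[_normalize_host(host)] = entry
    return path, domains


# Constructed proxy log lines ("timestamp client METHOD url status").
# They are made up for this example, not captured traffic.
SAMPLE_LOG = """\
2021-07-26T10:01:02Z 10.0.0.12 GET http://www.cryptoinhindi.online/nmks/?ab1=XYZ&cd=... 200
2021-07-26T10:01:05Z 10.0.0.12 GET http://www.winabeel.com/nmks/?ab1=XYZ&cd=... 404
2021-07-26T10:01:09Z 10.0.0.12 POST http://www.rapiddist.com/nmks/ 200
2021-07-26T10:02:00Z 10.0.0.34 GET https://example.org/index.html 200
2021-07-26T10:02:30Z 10.0.0.34 GET http://sunaoto.net/about/ 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def match_log(log_text, entries):
    """Return (client, host, verdict) for each log line whose host is in
    the extracted config.

    verdict is "beacon" when the hostname and the URI path both match the
    configuration (the high-confidence case) and "host-only" when only the
    hostname matches, which may be benign traffic to a decoy domain.
    """
    path, domains = parse_config(entries)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected layout
        _ts, client, _method, url, _status = m.groups()
        parsed = urlparse(url)
        host = _normalize_host(parsed.hostname)
        if host not in domains:
            continue
        verdict = "beacon" if path and parsed.path == path else "host-only"
        hits.append((client, host, verdict))
    return hits


if __name__ == "__main__":
    for client, host, verdict in match_log(SAMPLE_LOG, CONFIG_ENTRIES):
        print(f"{client} -> {host}: {verdict}")
```

Run against real logs, the "beacon" hits from one client identify the infected host; the "host-only" hits should be checked before anyone acts on them, because the decoy domains are ordinary sites.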
Targets
Target: HSBC26072021-C2010004V2.exe (the executable carried inside the .ace archive above)
Size: 1.3MB
MD5: 101e2a9db2554e093f3b29b86caa5afb
SHA1: cc8ce1086cc00406b1b7d28a7b0966e991b846fa
SHA256: 8d2253cbd99e88a8b1d98a75782097ab5f6159a0360ed1bcd2c82d283590bf2f
SHA512: cbd7f0cc5e17785cd1b46bef16b2c38a47ef778fa7e8d8145df23c163ed89214e07b61ff860437b4f282b640371efc6622e68185ffcbd63dd0ab7db79b01c43b
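Before analysing a copy of either file, confirm it is the one this report describes. The following is an added example, not part of the sandbox report, that computes all four digests in one pass over the file and compares them against the MD5/SHA1/SHA256 values listed for the archive under General and for the executable under Targets. It assumes the files are named as in the report; the self-test uses constructed byte strings with well-known digests because the samples themselves are not reproduced here.

```python
import hashlib
import os

# Expected digests copied from the report above.
EXPECTED = {
    "HSBC26072021-C2010004V2.ace": {
        "md5": "31c1b980298e6795c742a59ee3def9b6",
        "sha1": "552bac2ee56aeb64e56a114e3d004e57484e822b",
        "sha256": "d41352472768143aa9f566f7e8ee45f9e740e0873a8cc0b46786149f9fc73bcf",
    },
    "HSBC26072021-C2010004V2.exe": {
        "md5": "101e2a9db2554e093f3b29b86caa5afb",
        "sha1": "cc8ce1086cc00406b1b7d28a7b0966e991b846fa",
        "sha256": "8d2253cbd99e88a8b1d98a75782097ab5f6159a0360ed1bcd2c82d283590bf2f",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_all(source, chunk_size=1 << 20):
    """Compute every digest in ALGORITHMS in a single pass.

    `source` is either a path that is read in chunks (so large samples are
    never loaded whole into memory) or a bytes object (used by the
    self-test). Returns {algorithm: hex digest}.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    if isinstance(source, (bytes, bytearray)):
        for h in hashers.values():
            h.update(source)
    else:
        with open(source, "rb") as fh:
            for chunk in iter(lambda: fh.read(chunk_size), b""):
                for h in hashers.values():
                    h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(source, expected):
    """Compare computed digests against `expected` ({algorithm: hex}).

    Returns (ok, mismatches); `mismatches` maps each algorithm whose digest
    differs to (expected, actual). Algorithms absent from `expected` are
    not checked. Hex case is ignored because tools and reports disagree.
    """
    actual = digest_all(source)
    mismatches = {}
    for name, want in expected.items():
        got = actual.get(name)
        if got is None or got.lower() != want.lower():
            mismatches[name] = (want, got)
    return (not mismatches), mismatches


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        name = os.path.basename(path)
        if name not in EXPECTED:
            print(f"{name}: no expected digests in this report")
            continue
        ok, bad = verify(path, EXPECTED[name])
        print(f"{name}: {'MATCH' if ok else 'MISMATCH ' + str(bad)}")
```

A mismatch on any one algorithm means you are not holding the reported sample (a re-archived or re-packed copy, for instance), and the behaviour recorded here should not be assumed to apply to it.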

Network: suricata alert ET MALWARE FormBook CnC Checkin (GET), i.e. the sample's HTTP GET beacon to its command-and-control path was seen on the wire during the behavioral run.
CustAttr .NET packer: detects the CustAttr .NET packer in memory. The 1.3MB executable is a packed .NET loader; the FormBook payload below is what it unpacks at runtime.
Formbook Payload: the FormBook stealer payload was identified in the sample.
Deletes itself: the executable removes its own file after running, so on an infected host the file hashed above may no longer be present on disk; rely on the in-memory detections and the network indicators rather than a disk scan alone.
Suspicious use of SetThreadContext: SetThreadContext redirects a suspended thread to code the caller has placed in the target process and is the usual final step of process hollowing and thread hijacking. On its own it is a behavioral indicator rather than proof of injection, but here it sits alongside a packer and an in-memory FormBook payload, which is the expected pattern for this family.