General

Target: Documents Submission QTN.pdf.zip
Size: 413KB
Sample: 210726-xg6ayl93yx
MD5: d911a20362bedf60295a61762d428b49
SHA1: e9ec6b65da7691bc5d4a44ed177fdc97c1c24f07
SHA256: 0d96954f46f5f9862d8e2dda736f1355a50dbb209e209919116e5f548697960d
SHA512: 4fb4c1700faf4764ca29af08e15dd5211fe008b9a075b467e002c9b8b91cd38e12f13b0d08010f79c4f9737c8ec5d9d6986ea2b9b0e16642d7319a0e3b8145d3

Static task: static1
Behavioral task: behavioral1
Sample: Documents Submission QTN.pdf.exe
Resource: win7v20210410
Malware Config

Extracted
Family: formbook
Version: 4.1
C2 URL: http://www.headairload.com/jdge/ (the only entry with a path; this is the check-in endpoint the Suricata signature below fires on)
Decoy domains (Formbook also contacts these to blend its C2 traffic; many are legitimate sites, so treat them as low-confidence indicators rather than block-list entries):
cungcaptapvu.com
lantianren.net
mydivorcepsychologist.com
bageurapparel.com
citydealmaker.com
historyegress.com
litekkutu.xyz
perksofkerala.com
flairmax.com
washingmachineservicerepair.xyz
organicbeauty.club
rehmazbeauty.com
goodgly.com
imtheonlyperson.systems
shbanjia199.com
mwfbd.com
halsonpipe.com
0927487.com
perfectpeachco.com
danielprok.com
townertoren.com
innerviewreflectionsofyou.com
fudgroups.info
ostfriesensuende.com
instafreefollowers.xyz
cryfortrade.com
wepavela.com
dwj-xj9bt.net
tiyujsqicai.com
chothuethietbiquayphim.com
behintejaratpourasa.com
thenotaryexperts.com
fncconline.com
poapay-com.xyz
nieght.com
tanheidl.com
storycraftinternational.com
freegunsafetytraining.com
latitudedaytonarealty.com
makeupheaven.club
fiathfirst.com
sonicdrovein.com
nationaltimesharerelief.com
crbhub.net
shopmocker.com
diversifiedhiring.com
angularjsacademy.com
jasoncordingleyart.com
healthybenefitsplustlus.com
vienkhopkhangbinh.asia
sstaylace.com
honolulumicroschools.com
zalihancehcp.net
cdnxsalty2.com
ylpsbla.com
bjcci.com
kingfisherwebsitesaustralia.com
distribuidoradetejados.com
xis-technology.com
yuthikaassociates.com
linqingxian.com
aimarshfly.com
simplydeliciouscooking.com
vyvelectricistas.com
Targets

Target: Documents Submission QTN.pdf.exe (the executable inside the .zip; the ".pdf.exe" double extension is the lure)
Size: 492KB
MD5: 18fa8099b62e8f056fe58725632b860d
SHA1: 34be165cd7bbf63732f599cccb666a0e3af3377e
SHA256: 9316b9fe5a317761f719e6ee8602f20b356cde2e5e566fdec0a388dc390b2bd0
SHA512: eada997d7167c718a0d0154a269c1a9693cddad91e71055b93b3dc55cb08ad6df4e98c993fb0ed6475970306c5ab7bf46d66ebd1272226d777241021d646a876

Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself (the dropper removes its own file after running)
- Suspicious use of SetThreadContext (thread-context manipulation, the usual sign of process injection)
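The following script is an added example, not part of the sandbox report, showing how a responder would turn this page's indicators into checks: verify a file against the listed digests, parse the flat Formbook config into a C2 host plus decoy list, triage DNS queries against it with a confidence level, and flag the double-extension lure. The hashes, C2 URL and decoy domains are copied from the report (only the first five decoys are repeated; the rest of the list drops in unchanged); the DNS log format and its lines, and the bytes fed to the hash check, are constructed for the demonstration and are not from the report.

```python
"""Turn the indicators in this Formbook report into checks a responder can run.

Added example, not part of the sandbox report. Hashes, C2 URL and decoys are
copied from the report; the DNS log lines and hashed bytes are constructed.
"""
import hashlib
import re
from urllib.parse import urlparse

# Digests of the two files exactly as the report lists them.
REPORT_HASHES = {
    "Documents Submission QTN.pdf.zip": {
        "md5": "d911a20362bedf60295a61762d428b49",
        "sha1": "e9ec6b65da7691bc5d4a44ed177fdc97c1c24f07",
        "sha256": "0d96954f46f5f9862d8e2dda736f1355a50dbb209e209919116e5f548697960d",
    },
    "Documents Submission QTN.pdf.exe": {
        "md5": "18fa8099b62e8f056fe58725632b860d",
        "sha1": "34be165cd7bbf63732f599cccb666a0e3af3377e",
        "sha256": "9316b9fe5a317761f719e6ee8602f20b356cde2e5e566fdec0a388dc390b2bd0",
    },
}

# The extracted config in the flat form the report shows: family, version,
# C2 URL (the only entry with a path), then decoy domains. Only the first
# five decoys are repeated here; the full list from the report drops in as-is.
RAW_CONFIG = """\
formbook
4.1
http://www.headairload.com/jdge/
cungcaptapvu.com
lantianren.net
mydivorcepsychologist.com
bageurapparel.com
citydealmaker.com
"""

# Constructed DNS log (timestamp, client, "query", name, type). Not from the report.
DNS_LOG = """\
2021-07-26T09:58:12Z 10.0.0.5 query www.headairload.com A
2021-07-26T09:58:13Z 10.0.0.5 query www.cungcaptapvu.com A
2021-07-26T09:58:14Z 10.0.0.5 query update.microsoft.com A
2021-07-26T09:58:15Z 10.0.0.7 query headairload.com.evil.example A
"""

# Document-looking name followed by an executable extension, e.g. ".pdf.exe".
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|pptx?)\.(exe|scr|com|pif|js|vbs)$", re.I)


def parse_formbook_config(text):
    """Split the flat config into family, version, C2 host/domain/URL and decoys."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    family, version, c2_url = lines[0], lines[1], lines[2]
    c2_host = urlparse(c2_url).hostname
    c2_domain = c2_host[4:] if c2_host.startswith("www.") else c2_host
    return {"family": family, "version": version, "c2_url": c2_url,
            "c2_host": c2_host, "c2_domain": c2_domain, "decoys": lines[3:]}


def hashes_of(data):
    """MD5/SHA1/SHA256 of a byte string, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data, filename):
    """True only if every digest the report lists for filename matches data."""
    expected = REPORT_HASHES.get(filename)
    if expected is None:
        return False
    actual = hashes_of(data)
    return all(actual[k] == v for k, v in expected.items())


def _under(name, domain):
    # Label-suffix match: "a.example.com" is under "example.com",
    # "example.com.evil.test" is not (plain substring matching would say yes).
    return name == domain or name.endswith("." + domain)


def dns_hits(log_text, config):
    """Return (ts, client, name, confidence) for queries that touch the config.

    Queries under the C2 domain are high confidence. Queries under a decoy are
    low confidence: Formbook contacts its decoys too, and many are real sites.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[2] != "query":
            continue
        ts, client, name = parts[0], parts[1], parts[3].lower().rstrip(".")
        if _under(name, config["c2_domain"]):
            hits.append((ts, client, name, "high"))
        elif any(_under(name, d) for d in config["decoys"]):
            hits.append((ts, client, name, "low"))
    return hits


def is_double_extension_lure(filename):
    """Flag names like 'Documents Submission QTN.pdf.exe'."""
    return DOUBLE_EXT.search(filename) is not None


if __name__ == "__main__":
    cfg = parse_formbook_config(RAW_CONFIG)
    print(cfg["family"], cfg["version"], "C2:", cfg["c2_url"], "decoys:", len(cfg["decoys"]))
    for hit in dns_hits(DNS_LOG, cfg):
        print(*hit)
    print("lure:", is_double_extension_lure("Documents Submission QTN.pdf.exe"))
```

To check a real file against the report, read it as bytes and call `matches_report(data, "Documents Submission QTN.pdf.exe")`; the script only lists the three shorter digests, so add the SHA512 from the page to `REPORT_HASHES` if you need it. Matching is by DNS label suffix rather than substring so that look-alike names appended with another domain do not produce hits.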