General
Target (submitted archive): 5107873717846016.zip
Size: 850KB
Sample: 210727-jtk841efze
MD5: b9f76b778f4c02ae77dd5a2496672485
SHA1: 360a75e306f59964aadebfa3383be00b0de7639f
SHA256: 3ecd59d72dfe8bab5b05b32842e5abbe8826e8862829f1baec873c0e715a7628
SHA512: 48cee6a6e73c94a8653bdf906edeeb53c8b0a64c423eba87de1f8eeba3985bb6dd15fc8a78cdee971eb82b23ec4435bd70b53fcc77c2dd737fdfde6052446884
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ-BHI-PP-IN-301 PROJECT MaterialsEquipements Request for Quotation_HMD PJT.exe
  Resource: win7v20210410
Malware Config
Extracted
Family: formbook
Version: 4.1
C2 URL: http://www.sunderstudios.com/blo/
Decoy domains (the FormBook config carries one real C2 URL alongside a list of unrelated, legitimate domains; the bot contacts the decoys as well to mask the real check-in, so a hit on one of these alone is a weak indicator and blocking them causes false positives):
introducingsadieann.com
batterrydaddy.com
restaurantechoytac.digital
toriox.tech
cursosonline.pro
onegreenmother.com
canyonpark-home.com
charleserick9.com
coldavis-81720-1634.com
deliandgyros.com
darrenjmajor.com
chekax.com
twinsepower.com
welinkautollc.com
kimlmontgomery.com
ligature.net
bllbirdcrk.com
happilyeverfi.com
hahdigitalmarketinghelp.com
onecomcall.com
createanewyoucoaching.com
nocoky.com
saibamaisweboficial.com
ashtondrakr.com
fronteracater.com
outridermtb.com
wahinehealth.net
viksfitflow.com
redakgroup.com
tpabgd.com
chtc100.com
homeedgestore.com
proxyshops.com
nasakefashions.com
adindia.online
ryanleek.com
thecantonmentcookhouse.com
staszic.xyz
hondaandacuracollision.com
flzyzh.com
lakewoodluxury.com
lisetteperez.media
ronandmarie.com
karlhagan.com
peterrobinson.online
swfjobs.net
stylediaryavenue.com
gallayo.com
mon-test-qi.com
dominandoseuinstrumento.com
translationserviceguide.com
studiosettanta.com
view-millc.com
tadzkirah.com
virtual3devents.com
babehou.com
bbwsboutique.com
resurrectiondesignco.net
kitsmake.com
curiousparty.com
yugen-us.menu
melaninmagicthings.com
nudemburadatatlim.com
browntravelingnotary.com
Targets
Target (executable inside the archive): RFQ-BHI-PP-IN-301 PROJECT MaterialsEquipements Request for Quotation_HMD PJT.exe
Size: 1.1MB
MD5: 32a7f5eccb743dc2645f642cf109690a
SHA1: d73a4e4f6b5560cd1f21978a40265d480ef24259
SHA256: 4cb3b507b091eafd3faf47a7ebb23e597d92b1cd4ad1655f6a0a9330768a60e5
SHA512: f590c392efe24e998aa5604bc8e03de3aafd69173e5b378612b561311c5c38620c0895811aff71320f98cc543cfe6d8643e67920822838b4fabed2c9b404f546
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET) (the sample's HTTP GET check-in during the behavioral run matched the Emerging Threats FormBook rule)
Formbook Payload
Deletes itself (the executable removes its own file after running, a common loader trait that leaves only the injected payload behind)
Suspicious use of SetThreadContext (thread-context manipulation of the kind used for process hollowing and injection; the API is rarely called by benign user-mode software)
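The extracted config and the Suricata check-in signature above are only useful once the one real C2 is separated from the decoys and the result is applied to traffic. The following is an added example, not part of the Triage report or of any vendor tooling: it parses the flattened report layout (section heading, family, version, one C2 URL, then bare decoy domains) into structured IOCs and uses them to triage proxy-log lines per client. The report excerpt embedded in it is a constructed subset of the config above that keeps the same layout, the log lines and their `<timestamp> <client> <method> <url>` format are constructed, and `decoy_threshold` is an arbitrary tuning value.

```python
"""Added example, not part of the Triage report: turn the flattened FormBook
config into structured IOCs and use them to triage proxy-log lines.

Assumptions (not from the report): the log format below is constructed, the
decoy_threshold is an arbitrary tuning knob, and REPORT_EXCERPT is a
constructed subset of the real report that keeps its field layout."""
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed excerpt of the report above: 'Extracted' is followed by the
# family, the version, one URL (the real C2) and bare decoy domains until the
# next section heading.
REPORT_EXCERPT = """\
Malware Config
Extracted
formbook
4.1
http://www.sunderstudios.com/blo/
introducingsadieann.com
batterrydaddy.com
restaurantechoytac.digital
toriox.tech
Targets
-
"""

# Constructed proxy log: "<timestamp> <client> <method> <url>" per line.
LOG_LINES = [
    "2021-07-27T10:12:01Z 10.0.0.5 GET http://www.sunderstudios.com/blo/?id=1",
    "2021-07-27T10:12:02Z 10.0.0.5 GET http://batterrydaddy.com/blo/",
    "2021-07-27T10:12:03Z 10.0.0.5 GET http://toriox.tech/blo/",
    "2021-07-27T10:12:04Z 10.0.0.7 GET http://introducingsadieann.com/",
    "2021-07-27T10:12:05Z 10.0.0.7 GET http://batterrydaddy.com/",
    "2021-07-27T10:12:06Z 10.0.0.7 GET http://restaurantechoytac.digital/menu",
    "2021-07-27T10:12:07Z 10.0.0.9 GET http://batterrydaddy.com/",
    "2021-07-27T10:12:08Z 10.0.0.9 GET https://example.org/",
    "garbage line that does not parse",
]

DOMAIN_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9-]+)+$", re.I)


@dataclass(frozen=True)
class FormbookConfig:
    family: str
    version: str
    c2_url: str
    c2_host: str
    decoys: tuple


def parse_formbook_config(text: str) -> FormbookConfig:
    """Extract family, version, C2 URL and decoy list from the flattened report."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]  # drop blank and '-' residue
    start = lines.index("Extracted") + 1
    family, version, c2_url = lines[start:start + 3]
    if not c2_url.startswith(("http://", "https://")):
        raise ValueError(f"expected a C2 URL after the version, got {c2_url!r}")
    decoys = []
    for ln in lines[start + 3:]:
        if not DOMAIN_RE.match(ln):
            break  # first non-domain line is the next section heading
        decoys.append(ln.lower())
    return FormbookConfig(family, version, c2_url,
                          urlparse(c2_url).hostname, tuple(decoys))


def _norm(host: str) -> str:
    """Lower-case, strip a trailing dot and a leading 'www.' for comparison."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify_host(cfg: FormbookConfig, host: str):
    """'c2' for the real check-in host, 'decoy' for a listed decoy, else None."""
    h = _norm(host)
    if h == _norm(cfg.c2_host):
        return "c2"
    if h in {_norm(d) for d in cfg.decoys}:
        return "decoy"
    return None


def triage_proxy_log(cfg: FormbookConfig, log_lines, decoy_threshold: int = 3):
    """Per client: 'high' if it reached the C2 host, 'medium' if it touched at
    least decoy_threshold distinct decoy hosts (FormBook requests decoys too,
    but they are legitimate sites, so a single hit means little).
    Returns {client: (verdict, sorted matched hosts)}; clean clients are omitted."""
    hits = defaultdict(lambda: {"c2": set(), "decoy": set()})
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line: skip rather than abort the whole sweep
        client, url = parts[1], parts[3]
        host = urlparse(url).hostname
        kind = classify_host(cfg, host) if host else None
        if kind:
            hits[client][kind].add(host)
    verdicts = {}
    for client, h in hits.items():
        if h["c2"]:
            verdicts[client] = ("high", sorted(h["c2"] | h["decoy"]))
        elif len(h["decoy"]) >= decoy_threshold:
            verdicts[client] = ("medium", sorted(h["decoy"]))
    return verdicts


if __name__ == "__main__":
    config = parse_formbook_config(REPORT_EXCERPT)
    print(f"{config.family} {config.version} C2={config.c2_url} decoys={len(config.decoys)}")
    for client, (verdict, hosts) in sorted(triage_proxy_log(config, LOG_LINES).items()):
        print(f"{client}: {verdict} {hosts}")
```

Feeding the full decoy list from the report into `REPORT_EXCERPT` works unchanged, since the parser stops at the first line that is not a bare domain. The per-client aggregation is the point: a single request to a decoy is indistinguishable from a user browsing that site, while one client reaching the check-in host, or fanning out across several decoys in a short window, is the pattern the sandbox run itself produced.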