General
Target: d85ab2068495ecca61f3f828f8cb4ad83c74beb9f9a25cb660f1c8f7d5e36967
Size: 962KB
Sample: 210727-vkp7vanq56
MD5: 48a19afead6cdf979041d51e24dbedce
SHA1: f5baef2f95f0e8ca96f997e660f3b11aab953b4d
SHA256: d85ab2068495ecca61f3f828f8cb4ad83c74beb9f9a25cb660f1c8f7d5e36967
SHA512: bbc5909ccddb20dd7031935db4dbed10a5131218462a2f4a4a2f8f872dfed50685cc905f7548fa0badbc0e946ef7acb5fcb515aefe998dc6cbd66b81321a362e
Static task: static1
Malware Config
Extracted: formbook 4.1
http://www.zaden.online/ard5/
Targets
Target: Invoice 474833.exe
Size: 1.3MB
MD5: 511ea9ea19814aa9d07fb5f1533f6c39
SHA1: 7344e3048c6d040f2769cd83c108d9c795a8461b
SHA256: 6fa8fec4f4d71ba8aef6d0a96ceec8f22edcd68dd58e41decdd6979b34988827
SHA512: cc93f564ef3d73a1a5935422f1baca721c62f2aae345918291b67881f1f2dc1888b7a9ca9a6924414fab275c2bd88eba57133a4d561971781e5085ec35ed7bee
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext