General
-
Target
bobb4567.exe
-
Size
245KB
-
Sample
210727-y9yzkjqs8s
-
MD5
90825728992d0ef937e2523370e34b31
-
SHA1
7b9a3d06e10d3ccb32a8be5a98ec253bbc0bdebf
-
SHA256
9598f7ebeef58e063e6e5de7da5ea2775991628d11c4fae3e3e2854fa22065eb
-
SHA512
dc180827a8ba8f24dbf20f38091e1bee6c96776399733bf6519e567c0072ae5907abeaeea5873630a4a9057ec34370bbee47042c7b7e5d4e143ac6cac105f370
Static task
static1
Behavioral task
behavioral1
Sample
bobb4567.exe
Resource
win7v20210408
Malware Config
Extracted
formbook
4.1
http://www.bulverderoofing.com/lt0h/
originalindigofurniture.co.uk
fl6588.com
acecademy.com
yaerofinerindalnalising.com
mendilovic.online
rishenght.com
famlees.com
myhomeofficemarket.com
bouquetarabia.com
chrisbani.com
freebandslegally.com
hernandezinsurancegroup.net
slicedandfresh.com
apnathikanas.com
chadhatesyou.com
ansilsas.com
in3development.com
nitiren.net
peespn.com
valengz.com
theseakelpcompany.com
tlcrentny.com
sancakcraft.com
kamenb.com
samanthajobenson.com
alphagearz.com
sprins.net
adestramentos.com
civoconstruction.com
masrmasr.com
jagrit.codes
zusammenurlaub.com
mssjqs.com
ic695niu001.com
anelimplus.com
mutlob.com
beyondmickey.net
sliever.club
perfumefashion.icu
massimilianogiannocco.com
dentoncountyattorneys.media
filigreefilly.com
mooremgmtandcompany.com
smpdj.com
stainlesspropmgmt.com
creativecollectivecommunity.com
dmdrogist.com
spokenandheardpodcast.com
garenbid.com
bestcomandcalls.space
tairunshihua.com
nemski-projekt.com
6mum.com
portlandhemorrhoidcenter.com
platinumforsale.net
driven.plus
ontheedgeoutdoorshunting.com
manatapmasalalu.com
idscustomprinting.com
safepassagereform.com
fairop.xyz
natetacticz.com
etoys-sucks.com
rhinolabs.net
Targets
-
-
Target
bobb4567.exe
-
Size
245KB
-
MD5
90825728992d0ef937e2523370e34b31
-
SHA1
7b9a3d06e10d3ccb32a8be5a98ec253bbc0bdebf
-
SHA256
9598f7ebeef58e063e6e5de7da5ea2775991628d11c4fae3e3e2854fa22065eb
-
SHA512
dc180827a8ba8f24dbf20f38091e1bee6c96776399733bf6519e567c0072ae5907abeaeea5873630a4a9057ec34370bbee47042c7b7e5d4e143ac6cac105f370
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Suspicious use of SetThreadContext
-