General
Target: Shipping documents PDF.exe
Size: 831KB
Sample: 210727-zryy5tgqke
MD5: 81b0bdef857aa70ba8bfe0cb6d02f727
SHA1: 328ce667e6d7fff59c3f27c0fcda338159c37c6f
SHA256: ecc540938addc1a440ef6ceb7714a0b45153c04c28df4395e3de18181439341a
SHA512: 2b9c6596589265ed4a849d14e10cebff7fdac9a9a0bf7b4a6e33b41b38151a6f63aeb78b4c69e74b6a90be07c470bb86d8da2db988e2863f778780e4c07e238b
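The four digests above are the report's file identifiers. To check whether a file you hold is the same sample, compute all four in a single streaming pass and compare against the report's values. The script below is an added example, not part of the sandbox report; the hash values it embeds are the ones listed above, the file path and the `b"abc"` test input are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Hashes as published in the report (General section).
REPORT_IOCS = {
    "md5": "81b0bdef857aa70ba8bfe0cb6d02f727",
    "sha1": "328ce667e6d7fff59c3f27c0fcda338159c37c6f",
    "sha256": "ecc540938addc1a440ef6ceb7714a0b45153c04c28df4395e3de18181439341a",
    "sha512": (
        "2b9c6596589265ed4a849d14e10cebff7fdac9a9a0bf7b4a6e33b41b38151a6f"
        "63aeb78b4c69e74b6a90be07c470bb86d8da2db988e2863f778780e4c07e238b"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fileobj, chunk_size=1 << 20):
    """Hash a binary stream with all four algorithms in one pass.

    Reading in chunks keeps memory flat for large droppers and avoids
    re-reading the file once per algorithm.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    while True:
        chunk = fileobj.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["size"] = size
    return digests


def digest_file(path):
    with open(path, "rb") as f:
        return digest_stream(f)


def digest_bytes(data):
    import io
    return digest_stream(io.BytesIO(data))


def match_iocs(digests, iocs):
    """Return the names of the algorithms whose digest matches the IOC set.

    Comparison is case-insensitive because reports and feeds disagree on
    hex casing; a partial match (e.g. only MD5) is reported as such rather
    than treated as a full identification.
    """
    matched = []
    for name in ALGORITHMS:
        expected = iocs.get(name)
        if expected and digests.get(name, "").lower() == expected.lower():
            matched.append(name)
    return matched


if __name__ == "__main__":
    # Constructed demo: hash a temporary file containing b"abc".
    # A real run would point digest_file at the suspect binary instead.
    fd, tmp_path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"abc")
    try:
        d = digest_file(tmp_path)
        print("size:", d["size"], "sha256:", d["sha256"])
        print("matches report IOCs:", match_iocs(d, REPORT_IOCS) or "none")
    finally:
        os.remove(tmp_path)
```

Treat a match on all four as identification of this exact sample; a match on MD5 or SHA1 alone is weak evidence, since both are collision-prone, and a mismatch on SHA256 with a matching size usually means a repacked variant rather than the same file.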
Static task: static1
Behavioral task: behavioral1
Sample: Shipping documents PDF.exe
Resource: win7v20210410
Malware Config
Extracted
Family: formbook
Version: 4.1
C2: http://w…
Targets
Target: Shipping documents PDF.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext