General
Target: Factura proforma.zip
Size: 487KB
Sample: 210728-pnynwaak6n
MD5: 89b49476f3eb66a9d00466cca519d692
SHA1: 65c1f2b6cc40b585ffa3f3d23bfee5cf6663d22b
SHA256: a94f859b074c88767d674c6d80eadbb565d8d3d2ae705e14b174666913381c88
SHA512: 814471f27fd75a7781b1069b2e16e56568216e3e22731e9fe28c33ad0bc27ab6d3462b09b2882fc90e5faaac8ee3c1b7134d1b4bff62e6e2ffaf4a1a3ff3206e
Static task
static1
Malware Config
Extracted
formbook
4.1
http://www.constructioncleanup.pro/vd9n/
Targets
Target: Factura proforma.exe
Size: 604KB
MD5: e1e7b17c9e0a298346b82f04fabd4f60
SHA1: 735264e7cd43dca269582680ce3609eb5cac0418
SHA256: 239a8da808d8c8af3c89dda0bfeec6ab1f28a65fefca254e42ac993ee887abd0
SHA512: 929478f7a8a88cbbd7a31891cf886a24608bbbfcf5128d5e4683e50aa7cb916b1216194e2186eb2ea51c7511caecb4fac03fda3ae037dc22ceaf7522f6577f32
suricata: ET MALWARE FormBook CnC Checkin (GET)
CustAttr .NET packer: Detects CustAttr .NET packer in memory.
Formbook Payload
Suspicious use of SetThreadContext