General
-
Target
copias SWIFT 2001736696.exe
-
Size
886KB
-
Sample
210804-lrmlsh6bse
-
MD5
a4d36c26bb40008d29253076a08266fe
-
SHA1
7239d87ab55386ca6d328ccb00f67b912972e420
-
SHA256
10e69f027081ac8e4522e8e38ad5f30d3bb0526d421c2273b14b9726662ad770
-
SHA512
56f35e906e522b5a2575a379dbddfed9eb32112f56fe6bda4163524e3dbdb0be7927441ab78834ebf7e685e995c0df9ecff7d526e59eacaaa9ac2c0b67c713dd
Static task
static1
Behavioral task
behavioral1
Sample
copias SWIFT 2001736696.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
copias SWIFT 2001736696.exe
Resource
win10v20210408
Malware Config
Extracted
formbook
4.1
http://www.kmresults.com/n7ak/
modischoolcbse.com
theneverwinter.com
rszkjx-vps-hosting.website
fnihil.com
1pbet.com
nnowzscorrez.com
uaotgvjl.icu
starmapsqatar.com
ekisilani.com
extradeepsheets.com
jam-nins.com
buranly.com
orixentertainment.com
rawtech.energy
myol.guru
utex.club
jiapie.com
wowig.store
wweidlyyl.com
systaskautomation.com
citromudas3a.com
plasticstone.icu
pawchamamapet.com
beautybybby.com
mor-n-mor.com
getoffyourhighhorses.com
chieucaochoban9.xyz
grahamevansmp.com
amplaassessoria.net
nutricookindia.com
wazymbex.icu
joansironing.com
hallforless.com
mycourseprofits.com
precps.com
cookislandstourismpodcast.com
bestonlinedealslive.com
bug.chat
ptjbtoqonjtrwpvkfgmjvwp.com
tortniespodzianka.store
qxkbjgj.icu
aurashape.com
guinealive.com
mondialeresources.com
offthebreak.site
maxamproductivity.com
thebiztip.com
thelocalrea.com
laeducacionadistancia.com
inpakgroup.com
lvgang360.com
allvegangoods.com
tymudanzaramos.com
simpleframeswork.com
thehappycars.com
directfenetres.net
norskatferdsterapi.com
hostingcnx.com
ksmh5x.com
thespiritworldinvitational.com
jetsetwilly3.com
gameflexdev.com
tryhuge.com
vaporvspaper.com
Targets
-
-
Target
copias SWIFT 2001736696.exe
-
Size
886KB
-
MD5
a4d36c26bb40008d29253076a08266fe
-
SHA1
7239d87ab55386ca6d328ccb00f67b912972e420
-
SHA256
10e69f027081ac8e4522e8e38ad5f30d3bb0526d421c2273b14b9726662ad770
-
SHA512
56f35e906e522b5a2575a379dbddfed9eb32112f56fe6bda4163524e3dbdb0be7927441ab78834ebf7e685e995c0df9ecff7d526e59eacaaa9ac2c0b67c713dd
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-