General
Target: ORDER PROPOSAL.exe
Size: 323KB
Sample: 210816-lwtr7ef14j
MD5: 376b4ec91fc3fb35e98c46435116eccf
SHA1: de7dad010ec5114b57bcdd87a0795ad8060ff103
SHA256: 0879dee35833049ac723a101661d8f5a4bb92528b98fa27fc564a44649161862
SHA512: 273f87a80c34f33c3a2c277dc6cb8bc64b38380ac654c24a15f319d1ee34ec4886c2a60a2301ddb0913c727f7d6969ea0c2717fe6b284e14bc74310811b449ec
Static task: static1
Behavioral task: behavioral1
Sample: ORDER PROPOSAL.exe
Resource: win7v20210408
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: m4ts
C2: http://www.activelyfe.com/m4ts/
Targets
Target: ORDER PROPOSAL.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext