General
Target: Payment.rar
Size: 486KB
Sample: 210915-jfa87sdbfk
MD5: 48c35de47d4446a5d76ab21e96b1d58f
SHA1: 8c2182e3bf35d578294bbb09b09a08812459a56f
SHA256: ca1e8896fedd1f7e22799e7c5ccf9f1a7898e4602890efc47285cf0cfead7b46
SHA512: 55e52e32a6d139b3d044b500bdd58e6bef460ddcfcd25913176728b232e41907d6a2b145f9d6a63d2958b43af54ba7ad45b4b9d136192b871e3b9aba6099e69a
Static task: static1
Behavioral task: behavioral1
Sample: Payment.exe
Resource: win7v20210408
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: pm7s
C2: http://www.rafaelcristino.com/pm7s/
Decoy domains:
angrypeacocks.site
theindependentartlable.com
coachingforthewin.com
localbizsc.com
drive-a-supercar.com
mewsette.com
scinuh.com
gurugramaffordablehomes.com
riamedefarm.com
richfitzfashions.com
u9j1o.info
dife-rent.com
talesfromthequadrat.com
dandfmotors.com
springtexasdentist.com
gobakala.store
earlyeducationglobal.com
sdrxsb.site
dreamlifebiz.com
theurbancaveshop.com
rojkikhabar.com
honeycreek-vision.com
robinnicholsrealty.com
orilliatownhouseteam.com
ipedal.xyz
ropemillcreekpaddleboarding.com
monbeauchien.com
achtsamkeit-in-der-schule.com
towtruckperth.com
shijijiaoyou.com
belangespiritualstore.com
gmignitionswitcheconomicset.com
tracelanelog.com
infiniteavionics.com
kornfelder.com
unnsa.xyz
billonblocjs.com
savingcambodia.com
darienkitchens.com
ecetonline.com
softcenchina.com
eu-global.space
americajustsayit.com
getverthanger.com
arrowlankaexports.com
xn--uds17hya4f549f40d.com
btlbusinesscoaching.com
aktive.net
awkamga.com
borostamas.com
tuolum.net
tnshomebuyers.com
signatureperformace.com
s16.solutions
thethoughtrecord.com
onexotyland.com
deintuning.com
wellrecognizewell.com
rugpat.com
shellieclarksonsbeautique.com
cevicheatl.com
usasbe.com
listenonrepear.com
qanoonpharmacy.com
Targets
Target: Payment.exe
Size: 616KB
MD5: 933cedbe56bd04acdbbb183a0004162b
SHA1: 9a255a7eaa2dd334dcde3f9c8f73e8c25e3a8a65
SHA256: a57534ac7570e5be7e25f1c0d9745dc549d56b193ed7b1547e61ae79485edc1c
SHA512: 42cce5f2e1d9a96bddd3312c7433a2620a3aef84c612501728f77fca159620ff4c69885933e7a2a15c72d7e8a44a0d2e76d41bb2ba6ccb7ec9be04d10cd72545

Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext