General
-
Target
FATURA.exe
-
Size
673KB
-
Sample
210915-ncmkaadfdq
-
MD5
b9b06fda79e5972fb5706b3eb14236c8
-
SHA1
da6313e7943e398a78beb30447008fc32280b96d
-
SHA256
401278cbfa654446819a4a6447882e49ef5bfec3fe2947e9cf07fd75c6c6e13a
-
SHA512
c41723f9e57a620e4da9f337ff3a42bf4012c0b73be7d813f4eb0d0b8e3ff5c9b9950a82ba09d3e948e72d9a5838402731cf910b567d5c46005c55c1e928b76c
Static task
static1
Behavioral task
behavioral1
Sample
FATURA.exe
Resource
win7-en
Malware Config
Extracted
formbook
4.1
s3dy
http://www.livelifevibrantcourse.com/s3dy/
ravlygte.info
marketnewsville.online
flooring-envy.com
flavourhouston.com
donghohanghieunam.com
globleitsolutions.com
digitalgraphicarts.com
cupidbeautybar.com
cannavybes.com
negative-dsp.com
littledali.com
meltwatersoftware.info
blackdogland.com
danasales.com
mississippiscorecard.com
mainesmoker.com
sirenxinlilzixun.com
tychehang.com
gentciu.com
weckloltd.com
posy-socks.com
smp2kroya.com
clientacceleratorchallenge.com
erlacollection.com
027tvs.com
thisdw.com
nonosmell-store.site
underadress.com
principal.properties
ministyles123.com
readtohappiness.com
roostercollection.com
veteransinfrastructureparks.com
theminiverse.com
auto-expresss.club
ciaokitchenandbath.com
sbsfresh.com
onesheart111.com
artofquiet.info
atecwtec.com
scars-finder.online
luckbaanasset.com
vegaguzmanstudio.com
destinedtowander.com
genesaloe.info
shirewindowcleaning.com
dwadawdf001.com
mividaurbana.com
outsiders.house
secondhandcare.club
1031exchangeintoreit.com
zenyoustore.com
bahissikayetvar.net
platforms.trade
dasmusstduhaben.com
frankplex.design
thesiblingsoiree.com
18sdsd.com
oneninelacrosse.com
hdsllawfirm.com
rawrequest.com
jetsetterlifestyle.luxury
karenmendell.com
aspydad.com
Targets
-
-
Target
FATURA.exe
-
Size
673KB
-
MD5
b9b06fda79e5972fb5706b3eb14236c8
-
SHA1
da6313e7943e398a78beb30447008fc32280b96d
-
SHA256
401278cbfa654446819a4a6447882e49ef5bfec3fe2947e9cf07fd75c6c6e13a
-
SHA512
c41723f9e57a620e4da9f337ff3a42bf4012c0b73be7d813f4eb0d0b8e3ff5c9b9950a82ba09d3e948e72d9a5838402731cf910b567d5c46005c55c1e928b76c
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-