General
Target: vbc.bin
Size: 839KB
Sample: 210920-nswg5agefp
MD5: 3dc59de9ed011154938af9c5e29a3e1f
SHA1: 745034c7572595000bacdb8d71fcb29ffab16b2c
SHA256: 8fe7837653de9e01919ef2ea22f0b777fc6ee5c4898c33d0ce68b2602b8d4b65
SHA512: 1852090e7c5f82c5ec4a8c63a0980d70843a770c9cc03e4a598d13c0002d444246d295f9bbaa97ee22ef13213e86243842019efa63b55d95139fc4350d66b142
Static task: static1
Behavioral task: behavioral1
Sample: vbc.bin.exe
Resource: win7-en-20210916
Malware Config
Extracted: formbook 4.1 m8g0
http://www.psicologarenatacruz.com/m8g0/
Targets
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext