General
Target: KOC RFQ.lzh (LZH/LHA archive; the executable analysed below, KOC RFQ.exe, was unpacked from it)
Size: 129KB
Sample: 210921-eyft7aaffp
MD5: 49b9b68df043d3911e6dc952ed8df63d
SHA1: 2bfd372f96936ed7d155cb5d9c10a42662e66f7d
SHA256: c6fe795f888534f4d6ba3152e95f694dc57878d4ba9875af9af347d432598d00
SHA512: 6b0eb240767bfa42194f46a5fdd50ffc0920420cdd7214f8a011c37ee151b2672e45e87cfafe94b9c1830d61f7fe36851736f9953266c17e161aa9424bca37a1
Behavioral task: behavioral1
Sample: KOC RFQ.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: ucze
C2: http://www.ryankim.site/ucze/ (the URL path is the campaign ID)
Decoy domains (64 entries; Formbook contacts these alongside the real C2 to hide which host matters, and many of them are unrelated, legitimately registered sites):
secaucusmoversnearme.com
superbaddog.com
scppore.com
debenspaceslimited.com
ondemandmedicalgroup.net
elegantaffairexpo.com
casadelmigrantevenezuela.com
meritoriousjournals.com
swiftglobalexpress.com
randiny.com
1g30p.com
theeecreative.com
edstarrswindowcleaning.com
nexaesport.com
macvideogeek.com
nftteria.com
diogo-lino.com
samcdelivery.com
st666.place
business-page9982.com
winning.ink
cqrifenggjg.com
mo8s3a25.xyz
academiedecafedemontreal.com
newxc.xyz
9uy4sj6s.xyz
southsernpipe.com
uqww.online
theinterneticity.com
aisolarpanels.com
saltcitylawyer.com
daveretail.com
thesolutionscove.com
deypant.online
terrafreedom.online
tj-limited.com
nokiantyresremedy.com
jiadejie.com
gearrecycle.com
jobhunting.online
nicolechecchi.com
13integrated.com
gf0liiar.xyz
charlottedelisle.com
kcmqt.com
shaftx.com
jhimandos.com
k0bionww.com
timothyeller.com
uclubdc.com
pw-sneakers.com
e-fiskalizacija.biz
genericperu.com
4thwellblog.com
spacexevent.com
nissiinc.com
sophiasplacevenue.online
newyorkmagiclab.com
45896.online
mywestvalleyfitness.com
xbjzsb.com
sandrinebonomo.com
onestopchargingshop.com
y48054.com
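The config above is only useful once it is turned into something a SOC can run. The following is an added example, not part of the sandbox report: it copies the C2 URL, campaign ID and the 64 decoy domains from the report into a small matcher, runs it over a constructed proxy log, and treats "several decoys from one client" as a signal rather than alerting on any single decoy. The proxy log format, the sample log lines, and the assumption that the decoys are polled with the same /ucze/ path as the reported C2 URL are all constructed for this example.

```python
"""Formbook IOC matcher built from the config in the report above.

Added example, not part of the sandbox report. The C2 URL, campaign ID and the
64 decoy domains are copied from the report; the log format and the sample log
lines below are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Indicators copied from the report's "Malware Config" section.
C2_URL = "http://www.ryankim.site/ucze/"
CAMPAIGN = "ucze"
DECOY_DOMAINS = """
secaucusmoversnearme.com superbaddog.com scppore.com debenspaceslimited.com
ondemandmedicalgroup.net elegantaffairexpo.com casadelmigrantevenezuela.com
meritoriousjournals.com swiftglobalexpress.com randiny.com 1g30p.com
theeecreative.com edstarrswindowcleaning.com nexaesport.com macvideogeek.com
nftteria.com diogo-lino.com samcdelivery.com st666.place business-page9982.com
winning.ink cqrifenggjg.com mo8s3a25.xyz academiedecafedemontreal.com newxc.xyz
9uy4sj6s.xyz southsernpipe.com uqww.online theinterneticity.com aisolarpanels.com
saltcitylawyer.com daveretail.com thesolutionscove.com deypant.online
terrafreedom.online tj-limited.com nokiantyresremedy.com jiadejie.com
gearrecycle.com jobhunting.online nicolechecchi.com 13integrated.com gf0liiar.xyz
charlottedelisle.com kcmqt.com shaftx.com jhimandos.com k0bionww.com
timothyeller.com uclubdc.com pw-sneakers.com e-fiskalizacija.biz genericperu.com
4thwellblog.com spacexevent.com nissiinc.com sophiasplacevenue.online
newyorkmagiclab.com 45896.online mywestvalleyfitness.com xbjzsb.com
sandrinebonomo.com onestopchargingshop.com y48054.com
""".split()


def _normalize(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so both forms match."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = _normalize(urlsplit(C2_URL).hostname)  # 'ryankim.site'
DECOY_HOSTS = frozenset(_normalize(d) for d in DECOY_DOMAINS)


def indicator_hosts():
    """Every hostname worth watching: the decoded C2 plus all decoys."""
    return sorted(DECOY_HOSTS | {C2_HOST})


def _matches(host, candidates):
    """True when host equals a candidate or is a subdomain of one."""
    return any(host == c or host.endswith("." + c) for c in candidates)


# Constructed log format (assumption): "<timestamp> <client-ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def scan(log_text):
    """One hit per log line whose host is the C2 or a decoy.

    'checkin_path' is True when the path is /<campaign>/, the path of the
    reported C2 URL; it is assumed the decoys are polled with the same path.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the constructed format
        url = urlsplit(m["url"])
        host = _normalize(url.hostname or "")
        if _matches(host, {C2_HOST}):
            verdict = "c2"
        elif _matches(host, DECOY_HOSTS):
            verdict = "decoy"
        else:
            continue
        hits.append({"ts": m["ts"], "src": m["src"], "method": m["method"],
                     "host": host, "verdict": verdict,
                     "checkin_path": url.path.rstrip("/") == "/" + CAMPAIGN})
    return hits


def suspect_sources(hits, min_decoys=2):
    """Clients that reached the real C2, or polled at least min_decoys decoys.

    A single decoy hit is weak evidence because decoys can be ordinary sites;
    Formbook cycles through many of them, so repeated contact is the signal.
    """
    decoys_per_src, flagged = {}, set()
    for h in hits:
        if h["verdict"] == "c2":
            flagged.add(h["src"])
        else:
            decoys_per_src[h["src"]] = decoys_per_src.get(h["src"], 0) + 1
    flagged.update(src for src, n in decoys_per_src.items() if n >= min_decoys)
    return flagged


# Constructed sample log: 10.0.0.5 behaves like the sample, 10.0.0.7 is benign.
SAMPLE_PROXY_LOG = """\
2021-09-21T14:03:11Z 10.0.0.5 GET http://www.ryankim.site/ucze/?kX=aGVsbG8 200
2021-09-21T14:03:14Z 10.0.0.5 GET http://www.superbaddog.com/ucze/?kX=aGVsbG8 404
2021-09-21T14:03:15Z 10.0.0.5 POST http://www.nokiantyresremedy.com/ucze/ 200
2021-09-21T14:03:20Z 10.0.0.7 GET http://www.microsoft.com/en-us/ 200
2021-09-21T14:03:25Z 10.0.0.7 GET http://cdn.shaftx.com/img/logo.png 200
"""

if __name__ == "__main__":
    print("suspect clients:", suspect_sources(scan(SAMPLE_PROXY_LOG)))
```

Feed `indicator_hosts()` to a DNS or proxy watchlist rather than a hard block: the decoy list is deliberately padded with domains that may belong to real businesses, so blocking all 64 outright can break legitimate traffic, whereas alerting on the real C2 host or on a client that walks through several decoys with the /ucze/ path keeps the false-positive rate low.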
Targets
Target: KOC RFQ.exe
Size: 185KB
MD5: 253637fd81b504d554f9c6c0485394c2
SHA1: d6746cea35f9dba9fa2d2a99eb76a5152aa3e2d0
SHA256: fb4840549b45ab906a4908eb0f5c179d5f8af16a0714d1ab6783b847c7015f80
SHA512: a41d0c3b12e1689acee80f0892487feab68b7c1d7a65cc8a18fe67b8bd9eed45feb59d503a2a792febc9246ceb2d351bc9ec499f4e43394f6888d0623f97a41e
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET) (alert raised twice during the run)
- Formbook Payload
- Deletes itself (the executable removes its own file after running)
- Suspicious use of SetThreadContext (rewriting another thread's context, the step used by process hollowing and similar injection)