General

Target: doc0490192021092110294.lzh
Size: 436KB
Sample: 210924-jqepdagcer
MD5: 08ce80d4380f4145d01cf821d7fce034
SHA1: 156f96119019650be093d7754c64628a5a77ad31
SHA256: aa2959d2c85e38ff431701c308fdc8cd71f173bfa9aaa5f02a2fb89c1782d299
SHA512: 42987a93459e90c311174c7d82ad77c89a607c4619082dc4ce550c200e0c022e99fffd97a977ebac6a5fd885185d6484110f1af8e70d2847e259fc95a1a7b48a
Static task: static1
Behavioral task: behavioral1
Sample: doc0490192021092110294.exe
Resource: win7v20210408
Malware Config

Extracted
Family: formbook
Version: 4.1
Campaign: ergs
C2: http://www.iselotech.com/ergs/
Decoy domains (Formbook pads its config with unrelated, mostly legitimate domains alongside the real C2; treat these as triage context, not as blockable C2 indicators):
oceanprimesanfrancisco.com
dk-tnc.com
sodangwang.com
abrat-ed.com
dusubiqiqijem.xyz
getsup.online
homeneto.com
shose8.com
tronlane.com
nidowicosasod.xyz
independienteatleticclub.com
pca-winschool.com
realbadnastystories.site
bluevioletfloral.com
simplifiedpeacepodcast.com
abcfreediving.com
theyardbunny.com
holoique.com
ibkr1325.com
tjnfioou.xyz
bumbleapi.com
universityofnorthdakota.com
kisoriyan.com
scienceiva.com
permislbzd.store
mysoiree-lyon.com
philippinenow.com
officialjoyslots.com
casualdatingsites.online
delia-flores.com
eroerofuck.com
myesu.net
tryhard-production.com
3beadsbytj.com
congtycoessentials.net
3doutfits.com
spencersigmon.xyz
mewydyrqd.xyz
manigua.store
teescuchooffee.com
websitetudong.com
shiere.com
rummypepper.com
universeinteriors.com
royaledutyfree.com
evolutionarycurandera.com
seulookexpress.com
seajetguard.com
monikamosur.com
columbiaathleticboosters.com
sem4seo.com
businesstechblueprint.com
kreativemarketingconcepts.com
maisons-france-confort-mp.com
lixinjishaiwang.com
mybrabdmall.com
mrdreamhouse.com
graysrbm.online
theboathub.com
50039219.com
rincondelvinologo.com
coreatechnologyonline.com
artuta.com
teaneckvegan.com
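The extracted config above separates the real C2 (host plus campaign path) from a long decoy list, and an analyst usually wants that distinction carried into indicators rather than flattened into one domain blocklist. The following is an added example, not code from the sandbox or from the report: it takes the config values as shown (family, version, campaign "ergs", the C2 URL and a shortened copy of the decoy list), checks that the campaign id matches the C2 path, labels hostnames seen in logs as c2, decoy or unknown, and emits a Suricata rule for a GET to the campaign path on the C2 host. The rule SID and the shortened decoy list are assumptions for this example.

```python
"""Turn the extracted Formbook config into structured indicators.

Added example, not part of the sandbox report. The config values are copied
from the report; the rule SID and the shortened decoy list are assumptions.
"""
from urllib.parse import urlparse

# Values as extracted in the report above. The decoy list is shortened to a
# few entries here; the report carries the full list.
CONFIG = {
    "family": "formbook",
    "version": "4.1",
    "campaign": "ergs",
    "c2": "http://www.iselotech.com/ergs/",
    "decoy": [
        "oceanprimesanfrancisco.com",
        "dk-tnc.com",
        "teaneckvegan.com",
    ],
}


def build_iocs(config):
    """Split the config into C2 host/path and decoy hosts.

    The campaign id must be the first path component of the C2 URL; a
    mismatch means the extractor output is inconsistent and should be
    looked at by hand rather than turned into rules.
    """
    c2 = urlparse(config["c2"])
    path_parts = [p for p in c2.path.split("/") if p]
    if not path_parts or path_parts[0] != config["campaign"]:
        raise ValueError("campaign id does not match the first path component of the C2 URL")
    return {
        "family": config["family"],
        "version": config["version"],
        "c2_host": c2.hostname.lower(),
        "c2_path": c2.path,
        "decoy_hosts": {d.lower() for d in config["decoy"]},
    }


def classify(host, iocs):
    """Label a hostname from proxy or DNS logs as 'c2', 'decoy' or 'unknown'."""
    host = host.lower().rstrip(".")
    if host == iocs["c2_host"]:
        return "c2"
    # Decoys are stored as bare domains; match them with or without a leading "www.".
    bare = host[4:] if host.startswith("www.") else host
    if bare in iocs["decoy_hosts"]:
        return "decoy"
    return "unknown"


def suricata_rule(iocs, sid=9000001):
    """Build a Suricata HTTP rule for a GET to the campaign path on the C2 host.

    The sid is an assumed local value; pick one from your own local range.
    """
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any ("
        f'msg:"{iocs["family"]} {iocs["version"]} C2 checkin GET {iocs["c2_path"]}"; '
        'flow:established,to_server; http.method; content:"GET"; '
        f'http.host; content:"{iocs["c2_host"]}"; '
        f'http.uri; content:"{iocs["c2_path"]}"; startswith; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    iocs = build_iocs(CONFIG)
    for h in ("www.iselotech.com", "teaneckvegan.com", "example.org"):
        print(h, classify(h, iocs))
    print(suricata_rule(iocs))
```

The rule anchors on both the C2 host and the campaign path, so it does not fire on the decoy domains even though they sit in the same config; the generic ET signature that fired in this run matches the Formbook checkin pattern regardless of host, and the two complement each other.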
Targets

Target: doc0490192021092110294.exe (executable extracted from the submitted .lzh archive)
Size: 478KB
MD5: f22b3511efd4b6bb233ac4e30170b997
SHA1: 98060cb83afb98719af740abd07b0f413dc75530
SHA256: 6fd5dbec01eb7f767fc3b4046d9aa50f80e50f5ab9439480efb87620faef473c
SHA512: f86eed36dc05d7f49d744461f73ce03b6906ae6e3571cfb624d0a9d7a91062f0dcdc13201b6c6ebc1116f4853a868308082a5dd8dcccec8b2fdeeb37a9962329
Network alerts
suricata: ET MALWARE FormBook CnC Checkin (GET)

Signatures
Formbook Payload
Deletes itself (the executable removes its own on-disk copy after running, so keep the sample from the archive rather than expecting to recover it from an infected host)
Suspicious use of SetThreadContext (calling SetThreadContext on a thread of another process after writing to that process's memory is the hallmark of process hollowing, used here to run the payload inside a legitimate process)
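The "Suspicious use of SetThreadContext" signature is a sequence check over the API trace, not a single-call match: SetThreadContext is used legitimately by debuggers and by a process on its own threads, so the signal is the ordered chain of creating a process suspended, writing into it, redirecting its thread context and resuming it. The block below is an added example of that detection logic and is not the sandbox's own signature code. The trace format (one JSON object per line with pid, api and args) and every line in it are constructed for this example; the explorer.exe target and the argument names are assumptions.

```python
"""Sequence detection for process hollowing in an API trace.

Added example, not the sandbox's signature code. The trace format and all
trace lines are constructed for this example.
"""
import json

# Constructed trace: one hollowing chain (pid 1200 -> child 2244) plus a
# benign SetThreadContext by a process on its own thread (pid 3300).
TRACE = "\n".join([
    '{"pid": 1200, "api": "CreateProcessW", "args": {"lpApplicationName": "explorer.exe", "dwCreationFlags": 4, "child_pid": 2244}}',
    '{"pid": 1200, "api": "NtUnmapViewOfSection", "args": {"target_pid": 2244}}',
    '{"pid": 1200, "api": "VirtualAllocEx", "args": {"target_pid": 2244, "flProtect": 64}}',
    '{"pid": 1200, "api": "WriteProcessMemory", "args": {"target_pid": 2244, "size": 417792}}',
    '{"pid": 1200, "api": "SetThreadContext", "args": {"target_pid": 2244}}',
    '{"pid": 1200, "api": "ResumeThread", "args": {"target_pid": 2244}}',
    '{"pid": 3300, "api": "SetThreadContext", "args": {"target_pid": 3300}}',
])

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for a process created suspended

# Steps that must appear, in this order, for one (injector, target) pair
# after the target was created suspended.
CHAIN = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def detect_hollowing(trace_text):
    """Return (injector_pid, target_pid) pairs that complete the hollowing chain."""
    suspended = set()   # (injector, child) pairs created with CREATE_SUSPENDED
    progress = {}       # (injector, target) -> number of CHAIN steps seen so far
    hits = []
    for line in trace_text.splitlines():
        ev = json.loads(line)
        pid, api, args = ev["pid"], ev["api"], ev["args"]
        if api.startswith("CreateProcess") and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            suspended.add((pid, args["child_pid"]))
            continue
        key = (pid, args.get("target_pid"))
        if key not in suspended:
            # SetThreadContext on a process that was not created suspended by
            # this caller (including its own threads) is not hollowing by itself.
            continue
        step = progress.get(key, 0)
        if step < len(CHAIN) and api == CHAIN[step]:
            progress[key] = step + 1
            if progress[key] == len(CHAIN):
                hits.append(key)
    return hits


if __name__ == "__main__":
    for injector, target in detect_hollowing(TRACE):
        print(f"process hollowing: pid {injector} -> pid {target}")
```

Requiring the suspended-create step is what keeps the self-call by pid 3300 from firing; a looser rule that alerts on any cross-process SetThreadContext is cheap to write but will page on debuggers and instrumentation tools.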