General
- Target: PURCHASE ORDER I 5083.exe
- Size: 484KB
- Sample: 210927-jx8k2agacj
- MD5: d00582b716d424ee1a7cb7b9512a8ae4
- SHA1: f8db547e1607c97c16f81a68998be1f4d1e2625c
- SHA256: 7e2a14525c0058bca08d945d2358fc629e3080cc111d271253e061a4be0bde17
- SHA512: bbed76e76b8853163c3d2218d6f7104ca7ee980504a7f75ef95a03857a2a8862370df7ea65fc63c54b3138b0bfb829dc065a9912a4c736deae0322a4105d130a
- Static task: static1
- Behavioral task: behavioral1
- Sample: PURCHASE ORDER I 5083.exe
- Resource: win7-en-20210920
Malware Config
Extracted
formbook
4.1
ergs
http://www.iselotech.com/ergs/
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext