General
Target: Untitled attachment 00075.exe
Size: 938KB
Sample: 211007-tctlgschbk
MD5: 8cad21a8377f81f6647fac069ff6222d
SHA1: c06845f662d64492d4c4df1a6c506d20bebda40d
SHA256: a4bf92333fa0839d92c30859f87f08f91f988c35dd30227c2b4fe60e7188a4a2
SHA512: e6373bc79be0361d0fe60456a466f620d476e706770ebd15fc17ca3ee28b7b12d09eb70e3caf5ea3db8d4b778822e6830fc9ffe0c1d3e90fa6e01f4438c95a12
Static task: static1
Behavioral task: behavioral1
Sample: Untitled attachment 00075.exe
Resource: win7v20210408
Malware Config
Extracted
formbook
4.1
n7ak
http://www.kmresults.com/n7ak/
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext