General
-
Target
rro4126.exe
-
Size
256KB
-
Sample
211011-n87v4ahbem
-
MD5
734e49a5eb9193a08ab2a1f66c4ec254
-
SHA1
bc1004564de46d39269e7c844d1094f869c988d8
-
SHA256
c12bd972fbf3301e40fa75c3e295a8bd0233bf1f5fa100e79ab7f6755f7b6788
-
SHA512
89c4a188c143ba5d9a636f733b475ba9e67aae287cb36f26b471d0fed29a46ba8b1f9032358c22eeee8463c3667eb5d054c822aaa5a6f4d91b47bfd19e558f38
Static task
static1
Behavioral task
behavioral1
Sample
rro4126.exe
Resource
win7-en-20210920
Malware Config
Extracted
formbook
4.1
rv9n
http://www.cjspizza.net/rv9n/
olivia-grace.show
zhuwww.com
keiretsu.xyz
olidnh.space
searuleansec.com
2fastrepair.com
brooklynmetalroof.com
scodol.com
novaprint.pro
the-loaner.com
nextroundscap.com
zbwlggs.com
internetautodealer.com
xn--tornrealestate-ekb.com
yunjiuhuo.com
skandinaviskakryptobanken.com
coxivarag.rest
ophthalmologylab.com
zzzzgjcdbqnn98.net
doeful.com
beatthebank.fund
deposit-pulsa2021.xyz
uptownsecuritysystems.com
thegroveonglendale.com
destinationth.com
healthcareuninsured.com
longhang.xyz
ypxwwxjqcqhutyp.com
ip-15-235-90.net
rancholachiquita.com
macblog.xyz
skillsbazar.com
beatyup.com
academiapinto.com
myguagua.com
fto8y.com
ohioleads.net
paravocebrasil.com
thecanyonmanor.com
acu-bps.com
comunicaretresessanta.net
schwa-bingcorp.com
discountcouponcodes-jp.space
kufazo.online
metaverge.club
800car.online
brendanbaehr.com
garfieldtoken.net
secretfoldr.com
13itcasino.com
marketingatelier.net
computersslide.com
marcastudios.com
thestreetsoflondon.life
maintaintest.com
cronicasdebia.com
apm-app.com
sepulchral.xyz
lodha-project.com
theartofsoulwork.com
swimminglessonsshop.com
klarnabet.com
control-of-space.net
heliumathletic.com
Targets
-
-
Target
rro4126.exe
-
Size
256KB
-
MD5
734e49a5eb9193a08ab2a1f66c4ec254
-
SHA1
bc1004564de46d39269e7c844d1094f869c988d8
-
SHA256
c12bd972fbf3301e40fa75c3e295a8bd0233bf1f5fa100e79ab7f6755f7b6788
-
SHA512
89c4a188c143ba5d9a636f733b475ba9e67aae287cb36f26b471d0fed29a46ba8b1f9032358c22eeee8463c3667eb5d054c822aaa5a6f4d91b47bfd19e558f38
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-