General
-
Target
inv300123.pdf.rar
-
Size
236KB
-
Sample
211013-llc14adfgl
-
MD5
b593262d2babfb3265de37272c0048aa
-
SHA1
50e60ed8b6d3ba661d2ce8518316ca7b737d9cbd
-
SHA256
f69821010916c746e5e371fcd011dda072fdfc09ac964e9db9506a97cec1fe3e
-
SHA512
8794e400c95a6d913d88c5ceae239570f19a738c4104c582f2041ec355253f79470f014925669104df92c72a067f3283659e3824108fb8fc31780fa661961561
Static task
static1
Behavioral task
behavioral1
Sample
inv300123.pdf.exe
Resource
win7-en-20210920
Malware Config
Extracted
formbook
4.1
s3dy
http://www.livelifevibrantcourse.com/s3dy/
ravlygte.info
marketnewsville.online
flooring-envy.com
flavourhouston.com
donghohanghieunam.com
globleitsolutions.com
digitalgraphicarts.com
cupidbeautybar.com
cannavybes.com
negative-dsp.com
littledali.com
meltwatersoftware.info
blackdogland.com
danasales.com
mississippiscorecard.com
mainesmoker.com
sirenxinlilzixun.com
tychehang.com
gentciu.com
weckloltd.com
posy-socks.com
smp2kroya.com
clientacceleratorchallenge.com
erlacollection.com
027tvs.com
thisdw.com
nonosmell-store.site
underadress.com
principal.properties
ministyles123.com
readtohappiness.com
roostercollection.com
veteransinfrastructureparks.com
theminiverse.com
auto-expresss.club
ciaokitchenandbath.com
sbsfresh.com
onesheart111.com
artofquiet.info
atecwtec.com
scars-finder.online
luckbaanasset.com
vegaguzmanstudio.com
destinedtowander.com
genesaloe.info
shirewindowcleaning.com
dwadawdf001.com
mividaurbana.com
outsiders.house
secondhandcare.club
1031exchangeintoreit.com
zenyoustore.com
bahissikayetvar.net
platforms.trade
dasmusstduhaben.com
frankplex.design
thesiblingsoiree.com
18sdsd.com
oneninelacrosse.com
hdsllawfirm.com
rawrequest.com
jetsetterlifestyle.luxury
karenmendell.com
aspydad.com
Targets
-
-
Target
inv300123.pdf.exe
-
Size
249KB
-
MD5
c1d715af9940a5e70e1ab58fecc18dba
-
SHA1
a223f8c86b1748e3f7bccccd13c864507505e09c
-
SHA256
3b49db8324bc576c3d9e31d4bd1c27af48f3ec36652b95991a3b4803c6a48ad8
-
SHA512
99fef3200ab3cf200a4d23ed95edbbc7005b856b599a2b832bedf9cb16ffc62dc6f5bc6c073a95e3f473b055621e4e022801c72ff4c0ab818253fdba59cafd53
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-