General
-
Target
Potvrda narudzbe u prilogu.exe
-
Size
1001KB
-
Sample
211014-j11plagecn
-
MD5
1708ec34ff4cd862e935fec79966887b
-
SHA1
79ea76f3939a052e58ca214b839a7c5431c42cb0
-
SHA256
fe6bd626fd98e3c0e4a2c350e5d927398e22e7731e7c2e1f31bc02181735c4e0
-
SHA512
8ab1d48386eab45c72a3de79a9f28a9502f60928dac03c41e20af1d686a081ada66a78372d47242535308bbe8bea17ccd1765c560a8343ea9a056eb503ff1cb5
Static task
static1
Behavioral task
behavioral1
Sample
Potvrda narudzbe u prilogu.exe
Resource
win7v20210408
Malware Config
Extracted
formbook
4.1
bc3s
http://www.topei-products.com/bc3s/
anna-ng.com
mariangelamata.com
szqnbl.com
nesherguitars.com
mysekrit.com
againbeautyviensui.xyz
appf.life
bilalsolution.com
technoratii.com
11restoran.com
birthingly.com
crystalcarrillo.com
cohenasset.info
bunchofdesign.com
highstreetmag.com
talentkerning.com
outdoor-glassesadvice.com
aliceeety.com
habbuhot.info
pao91.com
resgatarpontosparavoce.com
tuancai.net
cnynckcrw.com
visaza.com
paulettecallen.com
kandmfinancialgroup.com
malibuclassix.com
thespoonteller.com
vidyaxyp.com
xn--gmsepetim-q9ab20j.com
saudesexualdoshomens.com
safehandmarketing.com
yebimhieu.site
alimitchellmedia.com
andrewpatrickpiette.com
astro-paradise.com
domainechoquet.com
navihealthpartners.com
detroitveganseafood.com
spankingandpunishment.com
magalu-queromais.com
mallsinup.com
rmsnidlogini.cloud
lifeisveryessential.com
stolzfus.com
iniciala.com
designslayers.com
clinivahq.com
ubersms.com
welenb.com
skyegroupllc.com
happyburger.net
moredate-s.com
alon-mail.com
voceprofessor.com
dokadveri.com
lafabricadisseny.com
westwooddesign.net
blossoms-boutique.com
jumtix.xyz
dietgulfport.com
soccerstreamer.com
lapurtcedd.com
secret-mall.com
Targets
-
-
Target
Potvrda narudzbe u prilogu.exe
-
Size
1001KB
-
MD5
1708ec34ff4cd862e935fec79966887b
-
SHA1
79ea76f3939a052e58ca214b839a7c5431c42cb0
-
SHA256
fe6bd626fd98e3c0e4a2c350e5d927398e22e7731e7c2e1f31bc02181735c4e0
-
SHA512
8ab1d48386eab45c72a3de79a9f28a9502f60928dac03c41e20af1d686a081ada66a78372d47242535308bbe8bea17ccd1765c560a8343ea9a056eb503ff1cb5
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-