General
-
Target
PO 09980.7z
-
Size
337KB
-
Sample
211014-j9pcxsgehj
-
MD5
65e76ae9f711640ad4b14b4032c77bed
-
SHA1
0362db3795a1aa8533db56ec582776d8fc454b91
-
SHA256
1bc18c93db3e4a7aa6be09da21bff8ef310590a31e3d66e0e4dce94a546cdc9c
-
SHA512
01e84784fc00d4db6664b2e24cb8fbfccaf5e671d43c23b2fed5469a70a410632471219c26b39f1c9dc5d65c35876948c45c72e18cfb4803f1ebc11fe6e81e83
Static task
static1
Behavioral task
behavioral1
Sample
New Order 09980.exe
Resource
win7-en-20210920
Malware Config
Extracted
formbook
4.1
dn7r
http://www.yourherogarden.net/dn7r/
eventphotographerdfw.com
thehalalcoinstaking.com
philipfaziofineart.com
intercoh.com
gaiaseyephotography.com
chatbotforrealestate.com
lovelancemg.com
marlieskasberger.com
elcongoenespanol.info
lepirecredit.com
distribution-concept.com
e99game.com
exit11festival.com
twodollartoothbrushclub.com
cocktailsandlawn.com
performimprove.network
24horas-telefono-11840.com
cosmossify.com
kellenleote.com
perovskite.energy
crosschain.services
xiwanghe.com
mollycayton.com
bonipay.com
uuwyxc.com
viberiokno-online.com
mobceo.com
menzelna.com
tiffaniefoster.com
premiumautowesthartford.com
ownhome.house
bestmartinshop.com
splashstoreofficial.com
guidemining.com
ecshopdemo.com
bestprinting1.com
s-circle2020.com
ncagency.info
easydigitalzone.com
reikiforthecollective.com
theknottteam.com
evolvedpixel.com
japxo.online
ryansqualityrenovations.com
dentimagenquito.net
pantherprints.co.uk
apoporangi.com
thietkemietvuon.net
ifernshop.com
casaruralesgranada.com
camp-3saumons.com
eddsucks.com
blwcd.com
deldlab.com
susanperb.com
autosanitizingsolutions.com
femhouse.com
ironcageclash.com
thekinghealer.com
shaghayeghbovand.com
advertfaces.com
lonriley.com
mased-world.online
mythicspacex.com
Targets
-
-
Target
New Order 09980.exe
-
Size
451KB
-
MD5
6387893aceaabeda2d1ab2eb5d902057
-
SHA1
1f8e30bf14f877fd200673e01cf53c45bb811fba
-
SHA256
05492398a92bdb980442a4893b4db7f34e440ba791653c1bd232a7d8a6577372
-
SHA512
bbfa58964f56e52e8edcfcc830c14da96d9532cac670f57d75d1d9699ac2bacc82be2d74571bc574546d522ea88479b9d6b7113e6cfe1a2f32b6681a4ba51bd7
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-