General
-
Target
Se adjunta estado de cuenta.exe
-
Size
774KB
-
Sample
211014-ldwhgagfhm
-
MD5
4a951f6b124474b354ad38403074d5bd
-
SHA1
b633ade3ba620fcc4ae0a96adc0e30c502cf3017
-
SHA256
5d94a08cddf84ab11cc26e7e8531a04bab46f9ddf44c1ccd7e38a269ffdfaad0
-
SHA512
3b1c03ee01a32e186e4a9a84f90f6713c90c7cc04e974d28956155ba754d5cc19e5544b9815b069a5284dd1d05eecd36b4e137945619281041b43c5f26a53d73
Static task
static1
Malware Config
Extracted
formbook
4.1
bc3s
http://www.topei-products.com/bc3s/
anna-ng.com
mariangelamata.com
szqnbl.com
nesherguitars.com
mysekrit.com
againbeautyviensui.xyz
appf.life
bilalsolution.com
technoratii.com
11restoran.com
birthingly.com
crystalcarrillo.com
cohenasset.info
bunchofdesign.com
highstreetmag.com
talentkerning.com
outdoor-glassesadvice.com
aliceeety.com
habbuhot.info
pao91.com
resgatarpontosparavoce.com
tuancai.net
cnynckcrw.com
visaza.com
paulettecallen.com
kandmfinancialgroup.com
malibuclassix.com
thespoonteller.com
vidyaxyp.com
xn--gmsepetim-q9ab20j.com
saudesexualdoshomens.com
safehandmarketing.com
yebimhieu.site
alimitchellmedia.com
andrewpatrickpiette.com
astro-paradise.com
domainechoquet.com
navihealthpartners.com
detroitveganseafood.com
spankingandpunishment.com
magalu-queromais.com
mallsinup.com
rmsnidlogini.cloud
lifeisveryessential.com
stolzfus.com
iniciala.com
designslayers.com
clinivahq.com
ubersms.com
welenb.com
skyegroupllc.com
happyburger.net
moredate-s.com
alon-mail.com
voceprofessor.com
dokadveri.com
lafabricadisseny.com
westwooddesign.net
blossoms-boutique.com
jumtix.xyz
dietgulfport.com
soccerstreamer.com
lapurtcedd.com
secret-mall.com
Targets
-
-
Target
Se adjunta estado de cuenta.exe
-
Size
774KB
-
MD5
4a951f6b124474b354ad38403074d5bd
-
SHA1
b633ade3ba620fcc4ae0a96adc0e30c502cf3017
-
SHA256
5d94a08cddf84ab11cc26e7e8531a04bab46f9ddf44c1ccd7e38a269ffdfaad0
-
SHA512
3b1c03ee01a32e186e4a9a84f90f6713c90c7cc04e974d28956155ba754d5cc19e5544b9815b069a5284dd1d05eecd36b4e137945619281041b43c5f26a53d73
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-