General
- Target: CNEW ORDER17.exe
- Size: 960KB
- Sample: 211014-rnq9dsadhn
- MD5: c54edc9ef9d72fe0fe048e8ac884626b
- SHA1: 11dce70f33e490eb9b89726776915a374bb59a59
- SHA256: 43fcb442b80665d42271689310ebd569e84f74287063a62e14beba808178e098
- SHA512: c65d37de77ad4598ee0b665145c988681d38fc26aa2eb2f5b5d1b73646eaa843cb18c4172d0ed7dcee4bd25bdf692e7b1aacc410a56b6959158f9e3bab1f0c81
Static task: static1
Behavioral task: behavioral1
- Sample: CNEW ORDER17.exe
- Resource: win7-en-20210920
Malware Config (extracted)
- Family: formbook
- Version: 4.1
- Campaign: h0c4
- C2: http://www.cursoukulelegospel.com/h0c4/
- Decoy domains:
looknewly.com
icha2016.com
datnenhoalachn.xyz
fark.ltd
zjlj.site
carpinteriacansino.com
atozmp33.com
oficialacesso.com
tuningfrance.com
rmm-mx96r.net
outsidestyleshop.com
eufundas.com
a91furniture.com
sfme.net
englisch.coach
wallacechen.info
nyayeo.com
jintongstore.com
vanwerknaarwerk.info
thekimlab.net
morvirtualassistant.com
ichatbengal.com
doctors-technology.com
mississippisms.com
koopa.codes
sproutheads.com
gardenkitchenspa.com
hoom.life
wiselogistic.com
appadaptor.com
jumtix.xyz
academiavirtualjjb.com
pcmrmf.com
hlsx069.com
sunielkapoor.com
truetaster.com
rylautosales.com
cgmobile.net
www-inloggen-nl.info
businesswebstrategy.net
fetch-a-sg-hair-transplant.fyi
paintingservicespune.com
cakeeyes.net
tandebrokers.com
navigantcapitalpartners.com
hubska.com
foillaws.com
battletraining.com
bitcoin-recovery.com
yourbuildvideos.com
naturalsumaq.com
prasikapsychotherapy.com
jphousecleaningservices.com
fetch-hepatitis-c.zone
easypay-agent.com
ronaldcraig.com
highonloveshop.com
bayharborislandhouse2.com
aventuramaker.com
han-chill.com
wrapmeupbkk.com
videomarketing.tips
ishouldntbthareasonugohard.com
psychotherapie-wermuth.com
Targets
- Target: CNEW ORDER17.exe
- Size: 960KB
- MD5: c54edc9ef9d72fe0fe048e8ac884626b
- SHA1: 11dce70f33e490eb9b89726776915a374bb59a59
- SHA256: 43fcb442b80665d42271689310ebd569e84f74287063a62e14beba808178e098
- SHA512: c65d37de77ad4598ee0b665145c988681d38fc26aa2eb2f5b5d1b73646eaa843cb18c4172d0ed7dcee4bd25bdf692e7b1aacc410a56b6959158f9e3bab1f0c81
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext