General
Target: Quotation.exe
Size: 681KB
Sample: 211015-czay8abbgl
MD5: ac60641d19eddddd9333246ec6f44854
SHA1: c43fa84b2cb0f48d35c02e6e8d7d1e38052e744a
SHA256: ad5677c0ff91bf9debb1932f70d7437417598d9af986e44395559635dd4285b8
SHA512: eddfad06e4b4d5f33dd2ae38413121ace4bf1695d5b4c37a8f4a1a4ae9f55170182c88805327c902246b5ac640aac0af84c42092f3c4ab625f816d4d3c93380a
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: gt4l
C2: http://www.dlsair.com/gt4l/
Targets
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext