General
- Target: DBS.cab
- Size: 272KB
- Sample: 211015-vsmnjsbhen
- MD5: 643fd18055afdb5e1cec441f2ce414cd
- SHA1: ebb7555465e3651ca8efaf82b5b5a98cb473c7d9
- SHA256: 8a8fd3b40dfdd6add285caa0670b678a6fc7c65cbf1ba487fed174789ccb7793
- SHA512: c7cbe3ee5ea513ad76a2413c251e748dede83f283d70270c7280ecdcf2a51b05227769de49f3c9526e57761a253c04754b8390493dafb98cc59d0630b5ff5649
Static task: static1
Behavioral task: behavioral1
- Sample: ghfg5776.exe
- Resource: win7-en-20210920
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: rv9n
- C2: http://www.cjspizza.net/rv9n/
- Decoy domains:
olivia-grace.show
zhuwww.com
keiretsu.xyz
olidnh.space
searuleansec.com
2fastrepair.com
brooklynmetalroof.com
scodol.com
novaprint.pro
the-loaner.com
nextroundscap.com
zbwlggs.com
internetautodealer.com
xn--tornrealestate-ekb.com
yunjiuhuo.com
skandinaviskakryptobanken.com
coxivarag.rest
ophthalmologylab.com
zzzzgjcdbqnn98.net
doeful.com
beatthebank.fund
deposit-pulsa2021.xyz
uptownsecuritysystems.com
thegroveonglendale.com
destinationth.com
healthcareuninsured.com
longhang.xyz
ypxwwxjqcqhutyp.com
ip-15-235-90.net
rancholachiquita.com
macblog.xyz
skillsbazar.com
beatyup.com
academiapinto.com
myguagua.com
fto8y.com
ohioleads.net
paravocebrasil.com
thecanyonmanor.com
acu-bps.com
comunicaretresessanta.net
schwa-bingcorp.com
discountcouponcodes-jp.space
kufazo.online
metaverge.club
800car.online
brendanbaehr.com
garfieldtoken.net
secretfoldr.com
13itcasino.com
marketingatelier.net
computersslide.com
marcastudios.com
thestreetsoflondon.life
maintaintest.com
cronicasdebia.com
apm-app.com
sepulchral.xyz
lodha-project.com
theartofsoulwork.com
swimminglessonsshop.com
klarnabet.com
control-of-space.net
heliumathletic.com
Targets
- Target: ghfg5776.exe
- Size: 284KB
- MD5: bb0932c47b65c0ab72b9f9b87e26e292
- SHA1: 6a60a4798b6f4ded51f845c1c980b216b19ffc04
- SHA256: 90be634820b42505da42769e83ebc62ab133090c810b64140c551fc4136c5fe7
- SHA512: 51942eafa04c2abb8f0000400e16dd95b34d318d4e6592550c1fe884eb24b1132cfa946346f9a149042a2519800fa39f56e64082e0fa65eb30848687112f6548
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
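The hashes, C2 URL and decoy list above are only useful once they are matched against something. The script below is an added example, not part of the sandbox report or of any tool it mentions: it turns the report's indicators into a SHA256 lookup and a proxy-log matcher, and it ranks hits the way the extracted config warrants. A request to the C2 host under the `rv9n` campaign path is the check-in the listed ET MALWARE FormBook CnC Checkin (GET) signature fires on and is worth an alert on its own; FormBook also sends traffic to its decoy domains, so a decoy hit carrying the campaign path is supporting evidence, while plain traffic to a decoy domain (many are legitimate sites) is not. The log line format, the sample log lines and the trimmed decoy set are constructed for the example; in practice the whole decoy list from the report would be pasted in.

```python
"""Match the indicators from a FormBook sandbox report against files and proxy logs.

Added example, not the report's or any project's code. The proxy-log line
shape "<timestamp> <src-ip> <METHOD> <url> <status>" is an assumption made
for this example.
"""
import hashlib
import re
from urllib.parse import urlsplit

# SHA256 values copied from the report's General and Targets sections.
KNOWN_SHA256 = {
    "8a8fd3b40dfdd6add285caa0670b678a6fc7c65cbf1ba487fed174789ccb7793": "DBS.cab",
    "90be634820b42505da42769e83ebc62ab133090c810b64140c551fc4136c5fe7": "ghfg5776.exe",
}

# Extracted config: the C2 URL's path is the campaign id.
C2_URL = "http://www.cjspizza.net/rv9n/"
CAMPAIGN = "rv9n"
# Subset of the report's decoy domains (assumption: the full list is used in practice).
DECOY_DOMAINS = {
    "olivia-grace.show", "zhuwww.com", "keiretsu.xyz", "olidnh.space",
    "searuleansec.com", "2fastrepair.com", "heliumathletic.com",
}


def lookup_sha256(data: bytes):
    """Return the report's file name for a body whose SHA256 is listed, else None."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


# Constructed log line shape; adjust the regex for a real proxy's format.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify_request(method: str, url: str):
    """Rate one HTTP request against the extracted config.

    "c2"     request to the C2 host under the campaign path (the GET form is
             what the ET MALWARE FormBook CnC Checkin (GET) signature covers)
    "decoy"  request to a decoy domain that still carries the campaign path;
             the bot talks to decoys too, so this is supporting evidence only
    "domain" any other traffic to a decoy domain; alone this is not alert-worthy
    None     no indicator matched
    """
    u = urlsplit(url)
    c2 = urlsplit(C2_URL)
    host = (u.hostname or "").lower()  # urlsplit lowercases hostname already
    path = u.path or "/"
    if host == c2.hostname and path.startswith(c2.path):
        return "c2"
    if host in DECOY_DOMAINS:
        return "decoy" if path.startswith(f"/{CAMPAIGN}/") else "domain"
    return None


def scan_proxy_log(lines):
    """Return (src_ip, verdict, url) for every line that matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it instead of aborting the batch
        verdict = classify_request(m["method"], m["url"])
        if verdict:
            hits.append((m["src"], verdict, m["url"]))
    return hits


# Constructed sample log: one infected host, one host browsing a decoy domain.
SAMPLE_LOG = [
    "2021-10-15T12:00:01Z 10.0.0.7 GET http://www.cjspizza.net/rv9n/?id=abc 200",
    "2021-10-15T12:00:02Z 10.0.0.7 POST http://www.cjspizza.net/rv9n/ 200",
    "2021-10-15T12:00:03Z 10.0.0.7 GET http://2fastrepair.com/rv9n/?id=abc 404",
    "2021-10-15T12:00:04Z 10.0.0.9 GET http://zhuwww.com/index.html 200",
    "2021-10-15T12:00:05Z 10.0.0.9 GET http://example.org/ 200",
    "garbage line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
    print(lookup_sha256(b"not the sample"))
```

Run as-is, the scan reports two "c2" hits and one "decoy" hit for 10.0.0.7 and a single "domain" hit for 10.0.0.9; only the first host has a FormBook check-in pattern. Matching on the C2 host plus campaign path rather than on the host alone keeps the rule from firing on unrelated traffic to that site, and treating decoy-only hits as low confidence avoids paging on the legitimate domains FormBook pads its config with.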