General
-
Target
SecuriteInfo.com.Trojan.Inject4.17696.9430.31863
-
Size
417KB
-
Sample
211018-jvej6sebak
-
MD5
cdda5b2580b9392c15f9dbf31e194a48
-
SHA1
8f74a7b387f298192730c46b837d6821d50a915b
-
SHA256
5c4023944c61d2985cc5c50811481eb3cd64d4e3caba1e4f96d8fcc7adf7c72a
-
SHA512
d0d2cfae7ca0da54d30dd32aa02639affb538e2b025a58a0558b258e4ae9a35b159b46259429b04d7aaa5d74d32bd35630782f777a6c2c40b2cdfcdcdaeb12c9
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Inject4.17696.9430.31863.exe
Resource
win7-en-20210920
Malware Config
Extracted
formbook
4.1
mynd
http://www.dtcu0ng.com/mynd/
bbluedot3dwdbuy.com
aucworks.com
seekselflove.com
thebrandolphcollection.com
saint-daniel.info
covidtestcharleston.com
buniy.com
welprosol.com
focusedbusinesspartners.com
ichikawa.ltd
nieght.com
beediecandleco.com
gracobby.com
nowipe.club
meherconsultancy.com
didonghanquocxachtay.online
snovythailand.com
onetimecreditscore.net
hayosiapa.com
dumpstersforsellers.com
kopfimtopf.com
churchofmanifestation.com
scoopeer.com
givrees.com
giftmystyle.com
enovadis.com
blackcreativeslab.com
juamd.com
yaktaichicks.com
tamquin.net
themaskedstitcher.com
puresed.com
magadir.com
hiptopip.com
surgicalcaseoa.com
yanrk-ht586c.com
online-us.online
salonsuitesofcharleston.com
treeremovalcocoa.com
thewhiskeydisco.com
speaknativechinese.com
e-nokutan.com
mantra613.com
flatrenovation.site
servingdivisiion.com
jemimabdebrito.com
patrington-healthandfitness.com
pandemiyardimbildirim-tr.com
espejitia.com
natasciaedera.com
allcostpk.com
r10288.com
sabzi.uk
astitchinthyme.com
uniq-logistic.online
refreshingtherapy.com
pppdebtrisk.com
jejucash.net
ftfss.com
saintesproe.com
zfcarwholesalers.com
raben-p.site
sundaymorning.media
gatezless.com
Targets
-
-
Target
SecuriteInfo.com.Trojan.Inject4.17696.9430.31863
-
Size
417KB
-
MD5
cdda5b2580b9392c15f9dbf31e194a48
-
SHA1
8f74a7b387f298192730c46b837d6821d50a915b
-
SHA256
5c4023944c61d2985cc5c50811481eb3cd64d4e3caba1e4f96d8fcc7adf7c72a
-
SHA512
d0d2cfae7ca0da54d30dd32aa02639affb538e2b025a58a0558b258e4ae9a35b159b46259429b04d7aaa5d74d32bd35630782f777a6c2c40b2cdfcdcdaeb12c9
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Suspicious use of SetThreadContext
-