General
-
Target
Item lists.exe
-
Size
467KB
-
Sample
211019-cee3fagafl
-
MD5
de5906d5741fa79fb87624e45b9d3b86
-
SHA1
ccf8c98ff308a3e94e1ec2eec0715825acf99462
-
SHA256
7702ee7d36c36c8cc3a67bec6ff636c9f1fe7e16a9f125303886c43f1b49407a
-
SHA512
af3dbecbbdbbd780b7f879755da97d17ab4bca89c6b7db4e97004d7ad005518a10d9f1bf1588c5c5d8fe7b05078a5165d88f5b113920c34d6d74f2bfd47f9e0e
Static task
static1
Behavioral task
behavioral1
Sample
Item lists.exe
Resource
win7-en-20210920
Malware Config
Extracted
formbook
4.1
ok3s
http://www.bigboytoystorage.com/ok3s/
Targets
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-