General
-
Target
AWB##29721.PDF.exe
-
Size
461KB
-
Sample
211019-crangsgafn
-
MD5
6244f4e218cef1f89dbe0a96374d5eaa
-
SHA1
d6d8c3c4a7e9f777b9c4383120b057be18a4ad41
-
SHA256
9404982e0cf941d6103e40246a6689d91be00c03c8d9072e42ebf56bd9080492
-
SHA512
bf8c0c36444aedf8033b636121fd18e2c6ec417ccd56ca528bd3b71c3b71dc5c330c6018c30822c5e33e5d833a863e1a219f9881dd98caf53ba78616ec1a4736
Static task
static1
Behavioral task
behavioral1
Sample
AWB##29721.PDF.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
gr1c
http://www.illusiontrick.com/gr1c/
soakyourgrains.com
duwego.com
aenkdesign.com
bikabbziu.xyz
thesawyerlegacy.com
koreanmodelbj.xyz
exceed-standards.com
syirsve.com
sachisushimontreal.com
thegalwaykitchen.com
accarwash-hub.com
connectwithmentor.com
luftfundament.online
ibrahimkaracan.com
biggersinsurance.com
desellon.com
tvnewscloset.com
digital-dre.com
ingocg.com
fernanda-ortiz.com
globallbazar.com
goldballoons.com
save-insta.net
jr-cons.com
ahyaqing.com
dawoodkhalil.com
paris-moi.com
pitchnft.net
shopdivastore.com
clarksclumpiesforkids.com
boutiquedulinge.com
tephineproperties.com
536484.com
testbegetregainfo.info
descontazzo.com
complioso.com
cashvax.xyz
bezeqimt.net
niqi666.com
daqishoes.com
uichin.info
boostarassa.quest
tarrings.info
caringhearts.one
untouchableinnovations.com
raymondcase.com
trippyhippieinc.com
fischernude.top
mazurschool.com
fswde.online
boldlarentals.com
welmovs.xyz
bandardunia.xyz
9594851.com
jioi.top
brequity.com
krakennewhour.com
polyteq.net
033xj.com
066ss.xyz
aluthgossip.xyz
grandezapura.com
kenneth-p.online
dadsaman.com
Targets
-
-
Target
AWB##29721.PDF.exe
-
Size
461KB
-
MD5
6244f4e218cef1f89dbe0a96374d5eaa
-
SHA1
d6d8c3c4a7e9f777b9c4383120b057be18a4ad41
-
SHA256
9404982e0cf941d6103e40246a6689d91be00c03c8d9072e42ebf56bd9080492
-
SHA512
bf8c0c36444aedf8033b636121fd18e2c6ec417ccd56ca528bd3b71c3b71dc5c330c6018c30822c5e33e5d833a863e1a219f9881dd98caf53ba78616ec1a4736
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-