General
-
Target
Document RFQ#8086A_461A_0000086_300_3550_2021.exe
-
Size
510KB
-
Sample
211019-hc1h9agcal
-
MD5
a445dd187c6dc7254da6d2f0d893f2fb
-
SHA1
c0548d4ed4a9c2b68fbcf592e9a892fa587d5b0e
-
SHA256
2a2187ae775f286c2400957b71aac1c550779fc6652a710d126546d4d4879f0f
-
SHA512
ec8fb387474fe1a737ea46d67e5b2e363ecb6c35634e1af63e465fb487c8ae2b7684d128d8ea982d6234110dee83a4601b6fba64f05765a41927f580520c527e
Static task
static1
Behavioral task
behavioral1
Sample
Document RFQ#8086A_461A_0000086_300_3550_2021.exe
Resource
win7-en-20210920
Malware Config
Extracted
formbook
4.1
g8ni
http://www.er5544.com/g8ni/
nickmowat.com
garethjame.biz
colibrilift.com
vulnerabilitylabs.one
neuro-ai-web-ru.website
16mcnaestreetmooneeponds.com
bestofstmaarten.net
meditelier.com
ragnarduke.com
escueladecampo.com
vongtayvn.com
inmemoriamaan.com
yourpeoplemanager.com
r6-gytr.com
agreeablebeauty.com
snpconfirms.com
tribalurq.quest
purafuse.com
cisco-training-course.com
wery.top
haiyaa.tech
schtefo.net
kenytc.com
energypopcorn.com
0urls.top
artiatec.com
enqum.com
nextcloud.solutions
stateaffairsng.com
727bpay.com
matchmakerfiji.com
qingdouge.com
nusrattelbdoffical.xyz
seo-clicks7.com
aspirateurs.net
autosandmorestore.com
moje-akvarium.net
uehddw.com
geschmacksakademie.com
gendarmerie.email
buynftinc.com
mission-nao.com
webmakers.xyz
federationwholesale.com
tjbieying.com
finestpoints.com
premiersloyko.xyz
carlislepartssurvey.com
hackernfts.com
abitvip.com
iphone13mini.supplies
thenorthfacedeal.online
swlhvipbj.com
elguije.com
auto2pl.com
route112mitsubishi.com
zilliq.com
pumateam04.com
xtzztf.com
sacmaudantoc.xyz
kalafwalker.com
jumeaux-numeriques.com
purposefulwork.com
jacquelineblog.info
Targets
-
-
Target
Document RFQ#8086A_461A_0000086_300_3550_2021.exe
-
Size
510KB
-
MD5
a445dd187c6dc7254da6d2f0d893f2fb
-
SHA1
c0548d4ed4a9c2b68fbcf592e9a892fa587d5b0e
-
SHA256
2a2187ae775f286c2400957b71aac1c550779fc6652a710d126546d4d4879f0f
-
SHA512
ec8fb387474fe1a737ea46d67e5b2e363ecb6c35634e1af63e465fb487c8ae2b7684d128d8ea982d6234110dee83a4601b6fba64f05765a41927f580520c527e
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-