General
-
Target
imágenes de productos pdf.exe
-
Size
973KB
-
Sample
211021-nf1w3sbagj
-
MD5
1e01b5e7d7e52dc849c271f8327fabd6
-
SHA1
efa560d817c867c38c4a75519830abacb4be2812
-
SHA256
a192572433f8f1a41f0035e040f0f455608b6eb9695cbb87c9734f3a4bf7d4cc
-
SHA512
6d7e41f576f88d6a2c3ab951db921def360cd8fe2db8dc542edfbe93a6f8ab10d6ba96538239ac158bdb43f2b14bfc562da6870fd85297c3690b40c5b5b3658e
Static task
static1
Behavioral task
behavioral1
Sample
imágenes de productos pdf.exe
Resource
win7-en-20210920
Malware Config
Extracted
formbook
4.1
n7ak
http://www.kmresults.com/n7ak/
modischoolcbse.com
theneverwinter.com
rszkjx-vps-hosting.website
fnihil.com
1pbet.com
nnowzscorrez.com
uaotgvjl.icu
starmapsqatar.com
ekisilani.com
extradeepsheets.com
jam-nins.com
buranly.com
orixentertainment.com
rawtech.energy
myol.guru
utex.club
jiapie.com
wowig.store
wweidlyyl.com
systaskautomation.com
citromudas3a.com
plasticstone.icu
pawchamamapet.com
beautybybby.com
mor-n-mor.com
getoffyourhighhorses.com
chieucaochoban9.xyz
grahamevansmp.com
amplaassessoria.net
nutricookindia.com
wazymbex.icu
joansironing.com
hallforless.com
mycourseprofits.com
precps.com
cookislandstourismpodcast.com
bestonlinedealslive.com
bug.chat
ptjbtoqonjtrwpvkfgmjvwp.com
tortniespodzianka.store
qxkbjgj.icu
aurashape.com
guinealive.com
mondialeresources.com
offthebreak.site
maxamproductivity.com
thebiztip.com
thelocalrea.com
laeducacionadistancia.com
inpakgroup.com
lvgang360.com
allvegangoods.com
tymudanzaramos.com
simpleframeswork.com
thehappycars.com
directfenetres.net
norskatferdsterapi.com
hostingcnx.com
ksmh5x.com
thespiritworldinvitational.com
jetsetwilly3.com
gameflexdev.com
tryhuge.com
vaporvspaper.com
Targets
-
-
Target
imágenes de productos pdf.exe
-
Size
973KB
-
MD5
1e01b5e7d7e52dc849c271f8327fabd6
-
SHA1
efa560d817c867c38c4a75519830abacb4be2812
-
SHA256
a192572433f8f1a41f0035e040f0f455608b6eb9695cbb87c9734f3a4bf7d4cc
-
SHA512
6d7e41f576f88d6a2c3ab951db921def360cd8fe2db8dc542edfbe93a6f8ab10d6ba96538239ac158bdb43f2b14bfc562da6870fd85297c3690b40c5b5b3658e
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-