General
- Target: pedido urgente pdf.exe
- Size: 973KB
- Sample: 211021-nfzc9abafr
- MD5: 42c8d23c057b69d3059dfd7bb4af736e
- SHA1: a5f7fe4e31d69c1e452f513ba79b57ef57079b23
- SHA256: d90b2ee420fc51d84a0c3c3fe2ae4e13b6313cd030be264440538a396dfe7956
- SHA512: b524f68ed82306acbc3422f6475071bb05e3c9e72510a70784e08f9b2561b962beba6847e4679bd24247c7899e84b7799b2f1171decab195a456e181725f3ad6
Static task: static1
Behavioral task: behavioral1
- Sample: pedido urgente pdf.exe
- Resource: win7-en-20210920
Malware Config
Extracted
formbook
4.1
n7ak
http://www.kmresults.com/n7ak/
modischoolcbse.com
theneverwinter.com
rszkjx-vps-hosting.website
fnihil.com
1pbet.com
nnowzscorrez.com
uaotgvjl.icu
starmapsqatar.com
ekisilani.com
extradeepsheets.com
jam-nins.com
buranly.com
orixentertainment.com
rawtech.energy
myol.guru
utex.club
jiapie.com
wowig.store
wweidlyyl.com
systaskautomation.com
citromudas3a.com
plasticstone.icu
pawchamamapet.com
beautybybby.com
mor-n-mor.com
getoffyourhighhorses.com
chieucaochoban9.xyz
grahamevansmp.com
amplaassessoria.net
nutricookindia.com
wazymbex.icu
joansironing.com
hallforless.com
mycourseprofits.com
precps.com
cookislandstourismpodcast.com
bestonlinedealslive.com
bug.chat
ptjbtoqonjtrwpvkfgmjvwp.com
tortniespodzianka.store
qxkbjgj.icu
aurashape.com
guinealive.com
mondialeresources.com
offthebreak.site
maxamproductivity.com
thebiztip.com
thelocalrea.com
laeducacionadistancia.com
inpakgroup.com
lvgang360.com
allvegangoods.com
tymudanzaramos.com
simpleframeswork.com
thehappycars.com
directfenetres.net
norskatferdsterapi.com
hostingcnx.com
ksmh5x.com
thespiritworldinvitational.com
jetsetwilly3.com
gameflexdev.com
tryhuge.com
vaporvspaper.com
Targets
- Target: pedido urgente pdf.exe
- Size: 973KB
- MD5: 42c8d23c057b69d3059dfd7bb4af736e
- SHA1: a5f7fe4e31d69c1e452f513ba79b57ef57079b23
- SHA256: d90b2ee420fc51d84a0c3c3fe2ae4e13b6313cd030be264440538a396dfe7956
- SHA512: b524f68ed82306acbc3422f6475071bb05e3c9e72510a70784e08f9b2561b962beba6847e4679bd24247c7899e84b7799b2f1171decab195a456e181725f3ad6
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext