General
-
Target
Factura de proforma.exe
-
Size
973KB
-
Sample
211021-qs3ybabcan
-
MD5
3b28cc0c40a9122c19279e34ede6b2a6
-
SHA1
2c97655615b623605be40e708295e12499674640
-
SHA256
c4b4ddf8aec0347fd4640a12009f51ba60ed1b202e18b421a3faef74bfe18ea1
-
SHA512
95fc3c78c572285fa8b13993dab2cf25e5c2efbe6aa40930c7745d5b3f3bdecb14a51f6a3f78ac66ec5307b7a97d4843615f78639b5d815f16b4b31e086e3d08
Static task
static1
Behavioral task
behavioral1
Sample
Factura de proforma.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
bc3s
http://www.topei-products.com/bc3s/
anna-ng.com
mariangelamata.com
szqnbl.com
nesherguitars.com
mysekrit.com
againbeautyviensui.xyz
appf.life
bilalsolution.com
technoratii.com
11restoran.com
birthingly.com
crystalcarrillo.com
cohenasset.info
bunchofdesign.com
highstreetmag.com
talentkerning.com
outdoor-glassesadvice.com
aliceeety.com
habbuhot.info
pao91.com
resgatarpontosparavoce.com
tuancai.net
cnynckcrw.com
visaza.com
paulettecallen.com
kandmfinancialgroup.com
malibuclassix.com
thespoonteller.com
vidyaxyp.com
xn--gmsepetim-q9ab20j.com
saudesexualdoshomens.com
safehandmarketing.com
yebimhieu.site
alimitchellmedia.com
andrewpatrickpiette.com
astro-paradise.com
domainechoquet.com
navihealthpartners.com
detroitveganseafood.com
spankingandpunishment.com
magalu-queromais.com
mallsinup.com
rmsnidlogini.cloud
lifeisveryessential.com
stolzfus.com
iniciala.com
designslayers.com
clinivahq.com
ubersms.com
welenb.com
skyegroupllc.com
happyburger.net
moredate-s.com
alon-mail.com
voceprofessor.com
dokadveri.com
lafabricadisseny.com
westwooddesign.net
blossoms-boutique.com
jumtix.xyz
dietgulfport.com
soccerstreamer.com
lapurtcedd.com
secret-mall.com
Targets
-
-
Target
Factura de proforma.exe
-
Size
973KB
-
MD5
3b28cc0c40a9122c19279e34ede6b2a6
-
SHA1
2c97655615b623605be40e708295e12499674640
-
SHA256
c4b4ddf8aec0347fd4640a12009f51ba60ed1b202e18b421a3faef74bfe18ea1
-
SHA512
95fc3c78c572285fa8b13993dab2cf25e5c2efbe6aa40930c7745d5b3f3bdecb14a51f6a3f78ac66ec5307b7a97d4843615f78639b5d815f16b4b31e086e3d08
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-