General
-
Target
61f55bceba5b9a52c750555d62fc7ae9
-
Size
973KB
-
Sample
211021-xbrmaabefq
-
MD5
61f55bceba5b9a52c750555d62fc7ae9
-
SHA1
57f083ea441e1a67c2c1a99d264474ee49388fe7
-
SHA256
7080315530bc6d7ead65034c1587e4596d9dbf0fc17107fbb28f84bf016009f9
-
SHA512
f7f00c594d03a73dd8b3c85df4a2ad17aac0fab0ab274ac08ee5dadb51218ce49ec7c89f8feaf0805a49fd8f11abbf29a0d397a248467d4f17fda37290dd9712
Static task
static1
Behavioral task
behavioral1
Sample
61f55bceba5b9a52c750555d62fc7ae9.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
og2w
http://www.wakecountyrealtyexpert.com/og2w/
patriotxf.com
thecreagles.com
riverdenim.com
cybqo.com
zzfangnan.com
empowerhis.com
resiliencewearmiami.com
myticketly.com
pistachio.land
13055.club
millennialsofacertainage.com
jnxdsgc.com
pixelsandplastic.digital
bugroster.com
chargedockz.com
gzyazsp.com
sintec-consultores.com
pourtonmobile.com
upmhss.com
amkanalrajhi.com
tenloe076.xyz
sisoow.quest
coil.company
suddennnnnnnnnnnn32.xyz
foolands.com
americanslinked.com
comprerapido.net
shock.agency
daomogul.com
brightsandstudio.net
paycourtf.com
cheaterbnuahe.xyz
atencionespecializada24.store
hyperado.com
tournusol.com
tamzeedhossain.xyz
h5aolyhh6.com
bytroletu.quest
ergobear.com
teamfsu.club
royallecleaning.com
sarrosh.com
cuvedevelopment.com
gb2022-club.com
liberbankrtes.com
journeyresearchstudy.com
laundryexpressoakland.com
mainmanmemories.com
learnliberate.com
syktxny.com
enterprisedaasit.enterprises
odontolcae.xyz
camilamentoria.online
camacho.one
wildlifehabitatfederation.com
macheamme.space
bamko.link
protected-rental.com
china-kajafa.com
papafluffysandfriends.com
alfonsoovens.com
riqnahbww-tui.net
ovatsolutions.com
topotostar.com
Targets
-
-
Target
61f55bceba5b9a52c750555d62fc7ae9
-
Size
973KB
-
MD5
61f55bceba5b9a52c750555d62fc7ae9
-
SHA1
57f083ea441e1a67c2c1a99d264474ee49388fe7
-
SHA256
7080315530bc6d7ead65034c1587e4596d9dbf0fc17107fbb28f84bf016009f9
-
SHA512
f7f00c594d03a73dd8b3c85df4a2ad17aac0fab0ab274ac08ee5dadb51218ce49ec7c89f8feaf0805a49fd8f11abbf29a0d397a248467d4f17fda37290dd9712
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-