General
Target: 196666c8.exe
Size: 394KB
Sample: 211023-jmh8dsdbck
MD5: c0774667c40bc1a34b22fe4afdf3d87c
SHA1: 750efb48dea98d15bf740aa357eed6235caa2187
SHA256: 196666c85a31dedff03cdc9a8e19c323f510f7d1b55301463a21cb969751a700
SHA512: 18687d1dbe2657c5e8237fa71b32f9de2fd4944713e874303312d6194eec3758ccef760c8a86d50aa8966abe20357f86b3ae24fa004da824072a0304eff66829
Static task: static1
Behavioral task: behavioral1
Sample: 196666c8.exe
Resource: win7-en-20210920
Malware Config
Extracted: formbook 4.1
s0vc
http://www.xn--289an7fmsbe2rud327e.com/s0vc/
Targets
Target: 196666c8.exe
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext