General
- Target: Inquiry Qr.exe
- Size: 780KB
- Sample: 211025-fhf1pagedp
- MD5: dd2b68372282c9f889d288ec83409cf0
- SHA1: 1cd1cc24217ce59a40e8635348d38ef827c1673b
- SHA256: 96c65dbeb55d5794541c9132447e41735610c1948b78c138d796e9db8528dd87
- SHA512: 0d7d92e18bd0336bd338b2b1cc2ab06617f801be5222bf66cc35a889b670644012a2dee14e32fd057ab1c286ecbf6878b40a47283078ad20b40543b073d910ff
Static task: static1
Behavioral task: behavioral1
- Sample: Inquiry Qr.exe
- Resource: win7-en-20211014

Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: ubdu
- C2: http://www.firsttracksdigital.com/ubdu/
Domains (from extracted config):
veermaster.com
atechco.info
ritzelcapital.com
spyhusband.com
therestoretrial.com
quartier-creyole.com
farmintheforest.com
automationadvertising.com
luisxe.info
pranapolarity.com
dwadawdf005.com
joleahfashions.com
silverwoodrestoration.com
blackivorygoldbeautysupply.com
nb-bird.com
silverlakein.xyz
thecleanear.com
rxv3.com
goaltransparent.com
mhs1.online
sublimerhyme.com
destinyshepherds.com
couplemoment.com
gabfundme.com
paint-kurisu.com
simplyrelish.com
cantinesicure.com
lingxifu.com
thecreditempire365.com
flynnhunt.com
chmereles.com
tibbalgroup.com
huhongsuji.com
inovytec-academy.com
j5developercv.com
webdownload.xyz
marlinintegrations.com
bedazzledcleaning.info
rocketcompaniesextortion.info
honnerdesign.com
getjquery.com
resetrecruiting.com
greatwoodroofingsolutions.com
draftkristi.com
hfpswea.com
hy66b.com
seo6.club
evenbetterafter50.com
lion18.com
talentedtenthrecords.com
mediadiagnose.com
morggy-fun-club.com
corpcosac.com
iamagladiator.life
computadordigital.info
kkskh.com
florestatllc.com
shellpointmortgageaervicing.com
kv176.com
branlixtv.com
wowbuzz.club
fireback2nature.com
mutets.icu
rossmarket.net
Targets
- Target: Inquiry Qr.exe
- Size: 780KB
- MD5: dd2b68372282c9f889d288ec83409cf0
- SHA1: 1cd1cc24217ce59a40e8635348d38ef827c1673b
- SHA256: 96c65dbeb55d5794541c9132447e41735610c1948b78c138d796e9db8528dd87
- SHA512: 0d7d92e18bd0336bd338b2b1cc2ab06617f801be5222bf66cc35a889b670644012a2dee14e32fd057ab1c286ecbf6878b40a47283078ad20b40543b073d910ff
Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext