General

Target: dhlexcel9078.excel.exe
Size: 462KB
Sample: 211025-m45dqsgheq
MD5: f70df4cd6c3bb5f98021586d550d47d7
SHA1: 297d8d7a7c8524914d78892e51fe92b034c47bc1
SHA256: 5898ff655531cce98050d6ac064d14b5e64249c3e8a01110e12b46e93bf72de9
SHA512: 5eb7a7a7b8866d2a7f5b95cf51aa33b118f602d67fb99401bb56f025a6e5fb06c9e16022f6e8e42f2f64d0f857a7d5fe8a7d100de0ea40661cc37cefdff23488
Static task: static1

Behavioral task: behavioral1
Sample: dhlexcel9078.excel.exe
Resource: win7-en-20210920
Malware Config

Extracted
Family: formbook
Version: 4.1
Campaign: ct6s
C2: http://www.metalzj.quest/ct6s/
Decoy domains (FormBook contacts these alongside the real C2 to mask it; many decoys are unrelated, legitimate sites, so treat a hit on one as a lead rather than proof of infection):
liaquatsibtian.com
erisa.cymru
theultimateone.world
petpartner.info
edison-press.com
ryanmurazik.icu
bukasystems.com
kitsusimplex.com
qatarstyleart.com
brkhot.top
paehdfdtrujdfhs.xyz
createdbybonk.com
kuihoon.com
deathtocustomerservice.com
iotimb.com
greendiamond.pw
millionaireproducers.academy
websitemolsa.com
cbshomeimprovement.com
eardunder.quest
qdsrogijnsoiaha.xyz
winsimplebet8.com
nguyendinhmanh.online
straforkutu.online
jtbfunnels.xyz
sz-videocom.com
budteeshirts.com
teinkstash.com
aohuajz.com
awcarsales.com
thankful.love
yukselfirca.com
gamblz.com
prologuepr.com
georgemanuel.com
crewcamel.team
digesters.info
diosaempoderada.com
pobbs65.xyz
monoscribe.com
kelseycoding.com
lauertmouku.quest
techtalks-2021.com
zhi2021.com
bslf.xyz
socialdiseaseshop.com
bsnguyenhuunam.com
glozhair.com
pieko.net
hirenearyou.com
xoarin.online
beyondracula.com
hoshikoblog1.com
bigbet2298.com
pricetrust-shop.com
afiliadosilva.com
alrayangroups.com
sittingonforgis.online
fiitnutr.com
killeendirectconnection.com
princesstvchannels.com
belleshopdz.com
vanillanoir.com
homodont.com
Targets

Target: dhlexcel9078.excel.exe
Size: 462KB
MD5: f70df4cd6c3bb5f98021586d550d47d7
SHA1: 297d8d7a7c8524914d78892e51fe92b034c47bc1
SHA256: 5898ff655531cce98050d6ac064d14b5e64249c3e8a01110e12b46e93bf72de9
SHA512: 5eb7a7a7b8866d2a7f5b95cf51aa33b118f602d67fb99401bb56f025a6e5fb06c9e16022f6e8e42f2f64d0f857a7d5fe8a7d100de0ea40661cc37cefdff23488

Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext (writing another thread's context; consistent with the process injection FormBook performs after unpacking)
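The Suricata hit above fires on the FormBook check-in, a GET to the campaign path with a query string; FormBook sends that same path (here /ct6s/) to the real C2 and to every decoy domain in its list. The script below turns the extracted config into a proxy-log sweep. It is an added example, not part of the sandbox report or any Triage tooling: the log line format, the sample log lines and the query strings are constructed, and only a subset of the decoy list is embedded (the full list from the config drops into the same set unchanged). Decoy-only matches are reported separately from C2 matches because decoys are often legitimate sites.

```python
"""Sweep HTTP proxy logs for the FormBook indicators extracted above."""
import re
from urllib.parse import urlsplit

# Indicators copied from the extracted config on this page.
FORMBOOK_C2 = "http://www.metalzj.quest/ct6s/"
C2_HOST = urlsplit(FORMBOOK_C2).hostname        # "www.metalzj.quest"
CAMPAIGN_PATH = urlsplit(FORMBOOK_C2).path      # "/ct6s/"

# Subset of the decoy domains from the config; paste the full list here in production.
DECOY_DOMAINS = {
    "liaquatsibtian.com", "erisa.cymru", "theultimateone.world",
    "petpartner.info", "edison-press.com", "ryanmurazik.icu",
    "homodont.com",
}

# Assumed (constructed) proxy log format: "<timestamp> <client> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def normalize_host(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so both forms match the list."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(method, url):
    """Return (verdict, reason) for one request, or None when nothing matches."""
    parts = urlsplit(url)
    host = normalize_host(parts.hostname)
    on_campaign_path = parts.path == CAMPAIGN_PATH
    # Check-in shape: GET to the campaign path carrying a query string.
    checkin_shape = method == "GET" and on_campaign_path and bool(parts.query)

    if host == normalize_host(C2_HOST):
        if checkin_shape:
            return "c2_checkin", "check-in shaped GET to the extracted C2 host"
        return "c2_host", "any traffic to the extracted C2 host"
    if host in DECOY_DOMAINS:
        if on_campaign_path:
            return "decoy_with_campaign_path", "decoy domain hit with this sample's campaign path"
        return "decoy_domain", "decoy domain only; may be a legitimate site, corroborate first"
    if checkin_shape:
        return "campaign_path_only", "campaign path on an unlisted host; candidate new C2"
    return None


def scan_proxy_log(lines):
    """Parse log lines and return one dict per matching request, in input order."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than abort the sweep
        result = classify(m["method"], m["url"])
        if result:
            verdict, reason = result
            hits.append({"client": m["client"], "url": m["url"],
                         "verdict": verdict, "reason": reason})
    return hits


# Constructed sample log lines; the query parameters are placeholders, not real FormBook fields.
SAMPLE_LOG = [
    "2021-10-25T13:02:11Z 10.0.0.15 GET http://www.metalzj.quest/ct6s/?a=abc123&b=1 200",
    "2021-10-25T13:02:12Z 10.0.0.15 GET http://www.edison-press.com/ct6s/?a=abc123&b=1 404",
    "2021-10-25T13:05:40Z 10.0.0.22 GET http://www.edison-press.com/about/ 200",
    "2021-10-25T13:06:02Z 10.0.0.15 GET http://unlisted-host.test/ct6s/?a=abc123 200",
    "2021-10-25T13:07:00Z 10.0.0.30 GET http://example.org/ 200",
    "not a log line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"{hit['verdict']:25} {hit['client']:12} {hit['url']}  ({hit['reason']})")
```

A client that hits several decoys with the campaign path within a short window is the strongest signal short of the real C2, since ordinary browsing does not produce that path; a single decoy_domain verdict on its own is usually noise.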