General
Target: Nueva orden de compra.Pdf.exe
Size: 365KB
Sample: 211025-v9mpwahdap
MD5: 59fc1e1a88d9c4968b50d8c07711da9b
SHA1: 4f5ed7418b6af7e875608604efe3c7aec58fba92
SHA256: 478d38451c9a4af35bb5de2ada58dfe7495a224d122d9639c6d68fc55c4bf411
SHA512: edc96bbfa0e1fb9a3711d3d59349ed281674f21a0da3474c1179ea075171d55f0d37363a028e4266c3d87fe166dd15186f11d11c0c97f3a1a893e9c44342d3a8
Static task: static1
Behavioral task: behavioral1
Sample: Nueva orden de compra.Pdf.exe
Resource: win7-en-20210920
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: dv9n
C2: http://www.elianedefalco.com/dv9n/
Decoy domains:
nblvqing.com
delmegebuildingproducts.com
xiongba8.com
latuawebreputation.online
nowcloud.tech
cckghs.com
tradeoo.ltd
ppapo.com
tphoaphuongdo.club
whitefoxy.site
bottle-sentences.net
computersewa.com
lushberryholidays.com
motobotz.com
shadurj.com
amazonlexdeveloper.com
shunli178.xyz
sjzzlmh.com
6eu09rp.xyz
novinmes.com
elizabethdouglas.net
heathy.xyz
forsmarthings.com
mskstyle-77.store
henhencaol.xyz
palncakeswap.com
osflogistics.com
14rinapo45.com
jordinandaustin.com
natsmartultimatebest.rest
perfectelopements.com
xinsaiou.com
92billion.com
hb4um.com
amneatni.xyz
pirigame.com
93335t.xyz
forwardvalley.com
contacttracingusa.com
americanexpress2214.creditcard
gurume-naruki.com
cdminstructors.com
posetac.online
suzhouyscl.com
bakarusgroup.com
epicureanadventuretours.com
goldengooses-outlet.com
glitchking411.com
8xroe84.xyz
https29dgi.xyz
sweetspendingwholesalersllc.com
bitopvip.com
sheraton-international.com
ajansclubturkey.site
communityskiswap.com
sauna-kuu.com
stephkingspilates.com
rosnewmarkextension.net
100daysofml.com
nexbot.biz
ahhhpop.com
marfalow.com
project-candles.com
topdogiadung.com
Targets
Target: Nueva orden de compra.Pdf.exe
Size: 365KB
MD5: 59fc1e1a88d9c4968b50d8c07711da9b
SHA1: 4f5ed7418b6af7e875608604efe3c7aec58fba92
SHA256: 478d38451c9a4af35bb5de2ada58dfe7495a224d122d9639c6d68fc55c4bf411
SHA512: edc96bbfa0e1fb9a3711d3d59349ed281674f21a0da3474c1179ea075171d55f0d37363a028e4266c3d87fe166dd15186f11d11c0c97f3a1a893e9c44342d3a8
Network alerts:
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Signatures:
Formbook Payload
Suspicious use of SetThreadContext