General
Target: Factura de proforma.Pdf.zip
Size: 368KB
Sample: 211026-qmch6saaaj
MD5: fadbdb1f04c3f950dfa01fe0d8243f81
SHA1: bffe1d28d2790ece0dfb43bcfeefe354f758179d
SHA256: b4f96434e2b2659a4c17a81ecf497f2d9bfbb8cb75fdb623d57f2e7377a46f99
SHA512: b3239789a01164d70961aec58598dcf8d90e4b9d04a8dda7be143f64778e3acfd68bdfa830a7861fbaf1c1d9e45407c316d338951d8de25829ed2a2576349741
Static task: static1
Behavioral task: behavioral1
Sample: Factura de proforma.Pdf.exe
Resource: win7-en-20210920
Malware Config
Extracted
formbook
4.1
dv9n
http://www.elianedefalco.com/dv9n/
Targets
Target: Factura de proforma.Pdf.exe
Size: 416KB
MD5: 1023715ab1412b3ab39be25ad6054e9c
SHA1: b93d9283fffc26259a3675195ed878b3089ca8b7
SHA256: b4585da149dee9da71100f73ac5088f6dcd2f0bad3a155a78615ab321fce3f71
SHA512: 63a837b607dd274a3285380d2bdad3b0b059ffbb39b7e7f14a9d76eb3dc4fca861cf0bcfd6be4420f3a13d83f3388afbc41859a08c3b87778bdebdd399eca376
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Suspicious use of SetThreadContext