General
-
Target
TT copy for our payment.7Z
-
Size
368KB
-
Sample
211028-w85pqsgghp
-
MD5
137dc2d545f07f14b3bf2712ea696fdd
-
SHA1
18d7e6741d99dcdd2f473d79820964f29f7ab42d
-
SHA256
47ad5f9aa8949afcd5f9c23bd1394ed45a3516b2f8a2d18aa67904e8695b9b15
-
SHA512
1143e2b1acc68f4d9dc9782e4d8cb7efc9afcc8b68522f4d364b00ff9bc4722db7468de90ec1026ba8f0c6c6d9dc7f2dbf1e34e1cff2e4c9594f1f4017bcbdd9
Static task
static1
Behavioral task
behavioral1
Sample
TT copy for our payment.exe
Resource
win7-en-20210920
Malware Config
Extracted
formbook
4.1
r4gk
http://www.aprilsaak.quest/r4gk/
quantalix.com
animalblog-eggs.com
039skz.xyz
guttas.net
lasantadayparty.com
protegerfinanceservices.com
vixtest.xyz
digitaleconomy.global
0xpax.xyz
mobilehome1688.com
themotionpartners.com
valueney.com
hattuafhv.quest
js0061gj.net
360metaverse.biz
seculardata.com
346727688.xyz
smartmapom.com
moksel.com
exoduswatchco.com
cryptopazar.com
constructioncdr.com
teamlsu.club
vitalflowscam.com
participatetn.info
daysyou.com
beautifulhandwriting.net
risccredit.com
coachingwithkyle.com
tedthemusicguy.com
theukulelejournal.com
enpratikyemektarifleri.com
reaching-far.com
investmentcomp.com
digitalzonecorp.com
internet-treat.com
oligopoly.club
thepropertiesmatterlawfirm.com
jsi.money
8mlcvtd4y.com
tjc075kcn.xyz
floribunda.space
clinpic.com
zhizhengsf.com
thebestsmartphones.com
robertaeelton.com
upcxi.xyz
graywolfdesign.com
elitespeedco.com
asia99.asia
021parkert.com
seo-clicks7.com
com103940689794.icu
thegisguru.com
api-22nnys.com
srothientu.com
hfhcatering.com
strukuwehtet.quest
extramovies.quest
monamodda.com
markbuyskes.com
smartar8.xyz
illarrivelatebut.space
gestionestrategicadl.com
Targets
-
-
Target
TT copy for our payment.exe
-
Size
430KB
-
MD5
b87c1e2bb5ba0a04b614ba14b6ef91c2
-
SHA1
a02e178c8f33b48f3fa8d548762a29adcc359cac
-
SHA256
fc9165f2702032e355b392fe6ada38cfd6e1eceafb5453de7991369addd266a6
-
SHA512
36889e872c6eb47d664601c39dc789d016260b348a32f2b26ddffbc7603445f492749d3b0c00c2733a7c8a169fb95aa42b0e46166322ef1379f83f89004358f8
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-