General
- Target: N001028.bz
- Size: 270KB
- Sample: 211028-wp566aggep
- MD5: 12da38a608b5f281fb6256cf0f730dab
- SHA1: 90a9b30bda107ccf98a9d16d2d88bdb0415498d6
- SHA256: 0aad345b493a91de830d383b647d9f51ea224f134de6e60a8afe95ba8e29d24b
- SHA512: fcfa6e8de3fbcf6870fbe019f698ba0bc29b64f01a00aa3a89cd79944082aa1e463b1037efba60bb8bdc61b59958f1618fec29a3795bf150086173dc04a97724
Static task: static1
Behavioral task: behavioral1
- Sample: N001028.exe
- Resource: win7-en-20210920
Malware Config
- Extracted: formbook
- Version: 4.1
- mg0t
- http://www.q0yczwyc.asia/mg0t/
Targets
- Target: N001028.exe
- Size: 282KB
- MD5: 61e09b1e377cbf8017861bfd9dedfb55
- SHA1: 2ce56c49d71b9771a837f00b9e9ec58cfe53afad
- SHA256: 61caa9b68c303d1fb37e196154c0bf9a460441673084a307028a88002e10fd94
- SHA512: e4ed7e7b827cf2298cd8b643a6feef07657f0c654b6a22b00d68dd251580214db6546ef79ef4c8575bc16e7e8f51f765f7980152801f82b812b65ad9e4fe5a70
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext