General
-
Target
Payment TT S lip no 8393.rar
-
Size
415KB
-
Sample
211029-fwd39ahchp
-
MD5
8d568f275ab48f18e3e75629a3ab010a
-
SHA1
b0f2e98294c678b15887606e884e88229ab3cfaa
-
SHA256
ff3e1eb7787b16b842a3c16347fccc76932f29422f50a96f639d5c8364a565c5
-
SHA512
3646ffbfdf7eb39ad438fe0490909bca8a36fd0cb002455942fc0ae2738d0e4ee86ecf54cc9edb95d0424c64d7d772c59f336fb857c25d9cde5b7e8b6a87dfea
Static task
static1
Behavioral task
behavioral1
Sample
Payment TT S lip no 8393.exe
Resource
win7-en-20210920
Malware Config
Extracted
formbook
4.1
r4gk
http://www.aprilsaak.quest/r4gk/
quantalix.com
animalblog-eggs.com
039skz.xyz
guttas.net
lasantadayparty.com
protegerfinanceservices.com
vixtest.xyz
digitaleconomy.global
0xpax.xyz
mobilehome1688.com
themotionpartners.com
valueney.com
hattuafhv.quest
js0061gj.net
360metaverse.biz
seculardata.com
346727688.xyz
smartmapom.com
moksel.com
exoduswatchco.com
cryptopazar.com
constructioncdr.com
teamlsu.club
vitalflowscam.com
participatetn.info
daysyou.com
beautifulhandwriting.net
risccredit.com
coachingwithkyle.com
tedthemusicguy.com
theukulelejournal.com
enpratikyemektarifleri.com
reaching-far.com
investmentcomp.com
digitalzonecorp.com
internet-treat.com
oligopoly.club
thepropertiesmatterlawfirm.com
jsi.money
8mlcvtd4y.com
tjc075kcn.xyz
floribunda.space
clinpic.com
zhizhengsf.com
thebestsmartphones.com
robertaeelton.com
upcxi.xyz
graywolfdesign.com
elitespeedco.com
asia99.asia
021parkert.com
seo-clicks7.com
com103940689794.icu
thegisguru.com
api-22nnys.com
srothientu.com
hfhcatering.com
strukuwehtet.quest
extramovies.quest
monamodda.com
markbuyskes.com
smartar8.xyz
illarrivelatebut.space
gestionestrategicadl.com
Targets
-
-
Target
Payment TT S lip no 8393.exe
-
Size
495KB
-
MD5
209022637f55d36fa877e8c4931d2f03
-
SHA1
b77ae6847ac5c4ca53af477f321183c36675543c
-
SHA256
7ba579db4b2485e75dbeff653199f592e4067706225975038ad011b73562c3fb
-
SHA512
19788a7bd0083429492025739b4b087a1afb058ca1331f4ce0be2029120b709c50acd85d6da3d2909407c2e785b3e726a139c465e2bda422894e6da71be2b003
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-