General
-
Target
1.exe
-
Size
652KB
-
Sample
211029-j2p99ahfdp
-
MD5
ab6287e540cccfff7fc470053db92302
-
SHA1
09387a7e22e87c9555cd8abc2a9801c6e678dc05
-
SHA256
f31eb9a6841607a9a9cf253ef2ad8d27ac6d13289ee5420ebcf7f0f47ef46736
-
SHA512
3e641de591b8385408a476449cb5015d423e7ddf76b7da6299e5ff32e5d63a2fc9339c8fb21b016e457558b2e71d5d84a3ea5d949c49e42806ad729347e32da2
Static task
static1
Behavioral task
behavioral1
Sample
1.exe
Resource
win7-en-20210920
Malware Config
Extracted
formbook
4.1
snr6
http://www.reynbetgirisi.com/snr6/
jjglassmi1.com
vpsseattle.com
drfllc.top
staycoolonline.com
eptlove.com
solusimatasehat.site
ionrarecharlestonproperties.com
b3eflucg.xyz
tvchosun-usa.com
mmahzxwzsadqlshop.life
gospelimport.com
demoapps.website
jackburst54.com
99rocket.education
ccbwithbri.com
trapperairsoft.com
useroadly.com
ralphlaurenonline-nl.com
loanmaster4u.com
champ-beauty-tomigaoka-nail.com
theripemillennial.com
123intan.net
typopendant.com
coruscant.holdings
bio-intelligenz-therapie.com
reprv.com
directreport.net
phinespe.xyz
xuvedae.site
idilikproperties.info
wakigaggenin.com
mal2tech.com
nftwhaler.xyz
gxhnjssx.com
ozba.xyz
lecupcake.net
lucid.quest
kaleoslawncare.com
tiew.store
texcommercialpainting.com
2152351.com
likewize-xl.com
dacooligans.com
manuelmartinezs.com
beancusp.com
barbershopvalleyvillage.com
southwickfunerals.com
briellebaeslay.info
rebeccarye.com
unitedstateswelders.com
saudiarabiavegan.com
testcarona.com
serverapsd.com
crickx.email
hdszbj.com
bennettmountainoutfitter.com
leileilei1999.xyz
baroquefolke.com
francinegeorges.com
horpces.online
resolutionfix.com
mike-schultz.xyz
sohutobankueahomupezinkv.xyz
flowerseedqueen.com
Targets
-
-
Target
1.exe
-
Size
652KB
-
MD5
ab6287e540cccfff7fc470053db92302
-
SHA1
09387a7e22e87c9555cd8abc2a9801c6e678dc05
-
SHA256
f31eb9a6841607a9a9cf253ef2ad8d27ac6d13289ee5420ebcf7f0f47ef46736
-
SHA512
3e641de591b8385408a476449cb5015d423e7ddf76b7da6299e5ff32e5d63a2fc9339c8fb21b016e457558b2e71d5d84a3ea5d949c49e42806ad729347e32da2
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-