General

Target: pvRnUbWwToDTcwg.exe
Size: 519KB
Sample: 211029-mghw8ahghk
MD5: 8e07e2f350449f748eb0d1a9cde22180
SHA1: 6e453492ae09c770dd23bc4836c53b7bf7d505d0
SHA256: f83cdf1780fcb5525b353125751e8495c5d372d6fbd341b06a60f05ac2de2160
SHA512: 8d730e1ae09b47e64a8a1c1e522f3bb7f1a50d1e27436bdd45ecb56348433c8605f0e668d09c2bf9b65a275b7426c31ab2afb6579119db007a7787079128fdfb
Static task: static1
Behavioral task: behavioral1
Sample: pvRnUbWwToDTcwg.exe
Resource: win7-en-20211014
Malware Config

Extracted
Family: formbook
Version: 4.1
Campaign: pn4r
C2: http://www.wexchange.money/pn4r/
Decoy domains:
mymicroreader.com
rpttoday.com
covid-testiranje.com
trendismon.com
xtoearn.com
themiraclemamma.com
reebok-technology.store
naionics.com
nuatierra.com
tarynrenee.com
tessstrachey.xyz
ptarmigan.xyz
publistom.com
hostingforyou.online
padellacentral.com
vp0y0x.icu
theultimatewhisper.com
fashionbrandsweek.com
soltechwebdesign.site
proteinakua.net
armc.site
votek.online
semrushservers.online
sidejobmillionaire.com
elbebedigital.com
moradassiri.com
wvvw-poloniex-loginscom.com
ragamuffinprims.com
first-coach.fr
qpphha085.xyz
athleisurehype.com
visitbariloche.com
communityenablers.com
theinternetblogger.com
ventalista.club
icsasociosconsultores.com
liveinthemou.com
houstonlaboratory.com
opreaigor.com
flipurrealestate.com
mrdics.com
bikathlon.com
theelfclub.club
aizhengyo.com
making-wealth.com
pahotline.com
mandjhairsolutions.com
smartcpdonline.com
venosmine.com
artasiafox.com
pr-casting.com
25iaku.icu
cashinonquitting.com
filicebrown.com
eo88t0.icu
sj236.com
ddassc.icu
forexminingtrading.com
wowbestproduct.com
shopspaceboots.com
registersure.com
sedukapug.rest
theperfectbussines.com
elegantaesthetics.biz
Targets

- Target: pvRnUbWwToDTcwg.exe
- Size: 519KB
- MD5: 8e07e2f350449f748eb0d1a9cde22180
- SHA1: 6e453492ae09c770dd23bc4836c53b7bf7d505d0
- SHA256: f83cdf1780fcb5525b353125751e8495c5d372d6fbd341b06a60f05ac2de2160
- SHA512: 8d730e1ae09b47e64a8a1c1e522f3bb7f1a50d1e27436bdd45ecb56348433c8605f0e668d09c2bf9b65a275b7426c31ab2afb6579119db007a7787079128fdfb
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext