General
-
Target
PO4809217226898789.pdf.exe
-
Size
347KB
-
Sample
211029-nq2lcshhfj
-
MD5
e3d87c2d533796d8a78793bf4ef179ec
-
SHA1
7855d161dc42e4a0936f71274c9142950fc542c8
-
SHA256
f40c731716d135ea7e583819570a83d92e24c3dfb2a3b0ac375bd97774ffd689
-
SHA512
b4af236df96ad68bac6cc0522de034083c5b49d295bff8c1c83223ba1d137dfae48601ec443f346c1f672846dd8f58124d6c076be85b736060e083ee12725812
Static task
static1
Behavioral task
behavioral1
Sample
PO4809217226898789.pdf.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
gr1c
http://www.illusiontrick.com/gr1c/
soakyourgrains.com
duwego.com
aenkdesign.com
bikabbziu.xyz
thesawyerlegacy.com
koreanmodelbj.xyz
exceed-standards.com
syirsve.com
sachisushimontreal.com
thegalwaykitchen.com
accarwash-hub.com
connectwithmentor.com
luftfundament.online
ibrahimkaracan.com
biggersinsurance.com
desellon.com
tvnewscloset.com
digital-dre.com
ingocg.com
fernanda-ortiz.com
globallbazar.com
goldballoons.com
save-insta.net
jr-cons.com
ahyaqing.com
dawoodkhalil.com
paris-moi.com
pitchnft.net
shopdivastore.com
clarksclumpiesforkids.com
boutiquedulinge.com
tephineproperties.com
536484.com
testbegetregainfo.info
descontazzo.com
complioso.com
cashvax.xyz
bezeqimt.net
niqi666.com
daqishoes.com
uichin.info
boostarassa.quest
tarrings.info
caringhearts.one
untouchableinnovations.com
raymondcase.com
trippyhippieinc.com
fischernude.top
mazurschool.com
fswde.online
boldlarentals.com
welmovs.xyz
bandardunia.xyz
9594851.com
jioi.top
brequity.com
krakennewhour.com
polyteq.net
033xj.com
066ss.xyz
aluthgossip.xyz
grandezapura.com
kenneth-p.online
dadsaman.com
Targets
-
-
Target
PO4809217226898789.pdf.exe
-
Size
347KB
-
MD5
e3d87c2d533796d8a78793bf4ef179ec
-
SHA1
7855d161dc42e4a0936f71274c9142950fc542c8
-
SHA256
f40c731716d135ea7e583819570a83d92e24c3dfb2a3b0ac375bd97774ffd689
-
SHA512
b4af236df96ad68bac6cc0522de034083c5b49d295bff8c1c83223ba1d137dfae48601ec443f346c1f672846dd8f58124d6c076be85b736060e083ee12725812
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-