General
Target: Revised Proforma Invoice_New order 657453.rar
Size: 435KB
Sample: 211029-qm63saabbm
MD5: 641c1386b6f0f3536ee21eb27037a490
SHA1: 6473f89e0d23ad3c7fe7f23000fee5ad875d2f69
SHA256: a2630a850064e1aea8c9306f81e86ce2c9580f9b638f3482b88c566f680acbd1
SHA512: 2768a45bda2b53b35c2663c84480c615ea9e705b531bbaa0978bbe2e799cb3f651dd682340bf6521f2f08794a1672b00ef1f9a3f906f2588ac504de9ce96c738
Static task: static1
Behavioral task: behavioral1
Sample: Revised Proforma Invoice_New order 657453.exe
Resource: win7-en-20211014
Malware Config
Extracted
formbook
4.1
g8ni
http://www.er5544.com/g8ni/
nickmowat.com
garethjame.biz
colibrilift.com
vulnerabilitylabs.one
neuro-ai-web-ru.website
16mcnaestreetmooneeponds.com
bestofstmaarten.net
meditelier.com
ragnarduke.com
escueladecampo.com
vongtayvn.com
inmemoriamaan.com
yourpeoplemanager.com
r6-gytr.com
agreeablebeauty.com
snpconfirms.com
tribalurq.quest
purafuse.com
cisco-training-course.com
wery.top
haiyaa.tech
schtefo.net
kenytc.com
energypopcorn.com
0urls.top
artiatec.com
enqum.com
nextcloud.solutions
stateaffairsng.com
727bpay.com
matchmakerfiji.com
qingdouge.com
nusrattelbdoffical.xyz
seo-clicks7.com
aspirateurs.net
autosandmorestore.com
moje-akvarium.net
uehddw.com
geschmacksakademie.com
gendarmerie.email
buynftinc.com
mission-nao.com
webmakers.xyz
federationwholesale.com
tjbieying.com
finestpoints.com
premiersloyko.xyz
carlislepartssurvey.com
hackernfts.com
abitvip.com
iphone13mini.supplies
thenorthfacedeal.online
swlhvipbj.com
elguije.com
auto2pl.com
route112mitsubishi.com
zilliq.com
pumateam04.com
xtzztf.com
sacmaudantoc.xyz
kalafwalker.com
jumeaux-numeriques.com
purposefulwork.com
jacquelineblog.info
Targets
Target: Revised Proforma Invoice_New order 657453.exe
Size: 612KB
MD5: e308045d12e0b6080f825145d2c430d3
SHA1: 9e64bf91fb9bdb86b502dd5bfc0eee1c2376aba4
SHA256: 2ddee55661ebf37d1232422f9515e93599521c588e750b722424d7ac5bc48ca4
SHA512: d65a3d2cd96fc92e5d467d18cd3891ba044b289bcc331dfd522a3bbf555caf881cfabd7e90de00af4be7c3ac4c46093490935e20d41729337b163428e53f66d6
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext