General
-
Target
order draft001.rar
-
Size
357KB
-
Sample
211029-w2dyfaaedp
-
MD5
76be1fda74d2c6487c12e6be9c41a275
-
SHA1
b3742186e1236eb01547f3eb1a3ec7599a1b7851
-
SHA256
3aaa02e43bf91f8ba1f1f9811dcb52c5cadaa356b70514a5bb639d7247fc73db
-
SHA512
1e9c3f13b39fa14daa00f45f916a1a5a97940332a8a1ea9690c47e1a5537b83c99847f4c3334e99e6aa7ec23e2038947a8add3d04dba4d2efd8ee13cf0535553
Static task
static1
Behavioral task
behavioral1
Sample
order draft.com.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
dn7r
http://www.yourherogarden.net/dn7r/
eventphotographerdfw.com
thehalalcoinstaking.com
philipfaziofineart.com
intercoh.com
gaiaseyephotography.com
chatbotforrealestate.com
lovelancemg.com
marlieskasberger.com
elcongoenespanol.info
lepirecredit.com
distribution-concept.com
e99game.com
exit11festival.com
twodollartoothbrushclub.com
cocktailsandlawn.com
performimprove.network
24horas-telefono-11840.com
cosmossify.com
kellenleote.com
perovskite.energy
crosschain.services
xiwanghe.com
mollycayton.com
bonipay.com
uuwyxc.com
viberiokno-online.com
mobceo.com
menzelna.com
tiffaniefoster.com
premiumautowesthartford.com
ownhome.house
bestmartinshop.com
splashstoreofficial.com
guidemining.com
ecshopdemo.com
bestprinting1.com
s-circle2020.com
ncagency.info
easydigitalzone.com
reikiforthecollective.com
theknottteam.com
evolvedpixel.com
japxo.online
ryansqualityrenovations.com
dentimagenquito.net
pantherprints.co.uk
apoporangi.com
thietkemietvuon.net
ifernshop.com
casaruralesgranada.com
camp-3saumons.com
eddsucks.com
blwcd.com
deldlab.com
susanperb.com
autosanitizingsolutions.com
femhouse.com
ironcageclash.com
thekinghealer.com
shaghayeghbovand.com
advertfaces.com
lonriley.com
mased-world.online
mythicspacex.com
Targets
-
-
Target
order draft.com
-
Size
471KB
-
MD5
f010aecf40c6d5a592dc55c4f95d15aa
-
SHA1
4e202b8ccf0841562a9aa9fa5bef3333f25ba57f
-
SHA256
79b16be36de1dfa5a48d965e4a4c19c7c481b6972392e6d0e6edd00447297b96
-
SHA512
e10b463221730ee2362ded75711d3eb636c13f087fea2e01761706bc6382fe2fb51f34f7c5fae1b7250ed0de11ea8e1753b6807ec8ec5e25d2429d731e1e4367
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-