General
Target: Reversed Invoice for new products.rar
Size: 413KB
Sample: 211031-xtv3esdahn
MD5: d45ededc04546f216a4f38999bef2320
SHA1: bc8d89964580438158776b8727e08d22dcf41fa7
SHA256: afef0a80915c7ebea814b4b1a93170067eab6d25b37ae0798c1950cd382577a4
SHA512: 9ba1e123108a3b35f9665e15a37e6c203252a75bf016075fc16aff096772d6d7f9001f227a67a31a114c621d2ea9b1478ff56fb15f6836f85711538f9b60fd1b
Static task: static1
Behavioral task: behavioral1
Sample: Reversed Invoice for new products.exe
Resource: win7-en-20211014
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: r4gk
C2: http://www.aprilsaak.quest/r4gk/
Targets
Target: Reversed Invoice for new products.exe
Size: 588KB
MD5: c143e48329117200f2fed704dd8a3427
SHA1: 14bf703e576ff1b76b9ad540fda7bbdd748e78c0
SHA256: 1910bc92f591b3feb607aac1518fe2cc6c834b627b76637cb27464006e072a22
SHA512: 6bf52af4e5ffdf845f154e1e81b98ab8f46136379b5e3ba9152243b9a3906566862df6e0171f0036214de2901d3212d42af0a12db06ca2cd999577dc14b52ff5
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Suspicious use of SetThreadContext