General
-
Target
Bank Slip.7z
-
Size
453KB
-
Sample
211102-xvjqsahefp
-
MD5
80e210a711a6a1c2ada9302034a0d936
-
SHA1
2f486c1bfe41dd76b371d7f5bfa55518de77109c
-
SHA256
7ad52e6203a53f00cd4fe729c698a8c4fb5aa3641b762217e0e32448e81ea563
-
SHA512
56c0c389e2f3c831a6131f5086cf19ce47ccc6bedf2017b3c5bb90f4697a071cca2e48b2c33d9ff06d995eb25438f760c309149af07bd200766f510b4f4cb2f2
Static task
static1
Behavioral task
behavioral1
Sample
Bank Slip.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
r4gk
http://www.aprilsaak.quest/r4gk/
quantalix.com
animalblog-eggs.com
039skz.xyz
guttas.net
lasantadayparty.com
protegerfinanceservices.com
vixtest.xyz
digitaleconomy.global
0xpax.xyz
mobilehome1688.com
themotionpartners.com
valueney.com
hattuafhv.quest
js0061gj.net
360metaverse.biz
seculardata.com
346727688.xyz
smartmapom.com
moksel.com
exoduswatchco.com
cryptopazar.com
constructioncdr.com
teamlsu.club
vitalflowscam.com
participatetn.info
daysyou.com
beautifulhandwriting.net
risccredit.com
coachingwithkyle.com
tedthemusicguy.com
theukulelejournal.com
enpratikyemektarifleri.com
reaching-far.com
investmentcomp.com
digitalzonecorp.com
internet-treat.com
oligopoly.club
thepropertiesmatterlawfirm.com
jsi.money
8mlcvtd4y.com
tjc075kcn.xyz
floribunda.space
clinpic.com
zhizhengsf.com
thebestsmartphones.com
robertaeelton.com
upcxi.xyz
graywolfdesign.com
elitespeedco.com
asia99.asia
021parkert.com
seo-clicks7.com
com103940689794.icu
thegisguru.com
api-22nnys.com
srothientu.com
hfhcatering.com
strukuwehtet.quest
extramovies.quest
monamodda.com
markbuyskes.com
smartar8.xyz
illarrivelatebut.space
gestionestrategicadl.com
Targets
-
-
Target
Bank Slip.exe
-
Size
687KB
-
MD5
70b451bd89a63b00a420d5104fe67853
-
SHA1
dc119895d29fd939c45ca5f839c4f94ee81df84d
-
SHA256
9611957db07f36a13d7e43f5c32c08c0e3c44c689e7d88c832490e3d259cfb48
-
SHA512
db248cf9b258a34dbf449ecce4b1e473adaff398bf0955cc4b700ca3aa881ad148d90a02a70958ba01087b04cfda9625a92cbaded8afe7000709b2ecf5a5d5e2
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-