General
-
Target
DEVIS N�067.rar
-
Size
399KB
-
Sample
211110-xxk2mafbgl
-
MD5
68c00295f57f89bab456380b4a407d6a
-
SHA1
0a6d6e98a34f0bab8caac81fa3c0c5b8dcb92c28
-
SHA256
f10c64e049fdcd6ac4bbebf138646aa5628a4a8b34fe8d8efac95d6c387e557a
-
SHA512
96e34a9da7fdfc051d8f83358fbff5e075e65f364626bb95f8ebc5f1f78242a233b15584aa325f779da87d569c18cf5356323472485ce47b30d74fd3bbcbac83
Static task
static1
Behavioral task
behavioral1
Sample
Commander une image.exe
Resource
win7-en-20211104
Malware Config
Extracted
formbook
4.1
dn7r
http://www.yourherogarden.net/dn7r/
eventphotographerdfw.com
thehalalcoinstaking.com
philipfaziofineart.com
intercoh.com
gaiaseyephotography.com
chatbotforrealestate.com
lovelancemg.com
marlieskasberger.com
elcongoenespanol.info
lepirecredit.com
distribution-concept.com
e99game.com
exit11festival.com
twodollartoothbrushclub.com
cocktailsandlawn.com
performimprove.network
24horas-telefono-11840.com
cosmossify.com
kellenleote.com
perovskite.energy
crosschain.services
xiwanghe.com
mollycayton.com
bonipay.com
uuwyxc.com
viberiokno-online.com
mobceo.com
menzelna.com
tiffaniefoster.com
premiumautowesthartford.com
ownhome.house
bestmartinshop.com
splashstoreofficial.com
guidemining.com
ecshopdemo.com
bestprinting1.com
s-circle2020.com
ncagency.info
easydigitalzone.com
reikiforthecollective.com
theknottteam.com
evolvedpixel.com
japxo.online
ryansqualityrenovations.com
dentimagenquito.net
pantherprints.co.uk
apoporangi.com
thietkemietvuon.net
ifernshop.com
casaruralesgranada.com
camp-3saumons.com
eddsucks.com
blwcd.com
deldlab.com
susanperb.com
autosanitizingsolutions.com
femhouse.com
ironcageclash.com
thekinghealer.com
shaghayeghbovand.com
advertfaces.com
lonriley.com
mased-world.online
mythicspacex.com
Targets
-
-
Target
Commander une image.exe
-
Size
680KB
-
MD5
b3e2d7ec66475428e995c4e706c4b0c5
-
SHA1
0d160fb47d47af61a0ca2378bd9a0844c561b39c
-
SHA256
9e29b8e60bf7a0e9f21ed8cca2d3e713b11e9be0ed6990e69ebf8ab5b5083c17
-
SHA512
2d4a73c9c7622b2ef9cfe640abfe542534866093b96a3c2ab49b3ddba8d6d54859dfcf58ba38ea2bebb9435a80123cce1cb3e48a292b4cdd7d65bef6a25be2a6
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-