General
Target: 39203048BYW2993849483.arj
Size: 318KB
Sample: 211116-r5wkfabcdj
MD5: 948d71dbee946084f9ff54ef95034e32
SHA1: c6960c823677e80c32a3e7210fdd31ef888c54f5
SHA256: 5fcec8d30f9e07ed3c76fea473d5f53b4d3194c3c6b433bfd3e4bc27ae3a938e
SHA512: 26c4410fd64381e2d7f3d46bf689d9219d2d3237bdcb2c56b73413bbe7d14c837119d7df90d749337be2c49fc06b6feb7b3163f0ec5e316c87d7a75fde24ea46
Static task: static1
Behavioral task: behavioral1
Sample: 39203048BYW2993849483.exe
Resource: win7-en-20211104
Malware Config (extracted)
Family: formbook
Version: 4.1
Campaign: ob7y
C2: http://www.metanewsroom.net/ob7y/
Targets
Target: 39203048BYW2993849483.exe
Size: 656KB
MD5: 969c9f98fb5d2de8c9f4951a2dedc571
SHA1: 5c8963a46a2f492500b9f113f9457772d5ad1d9a
SHA256: b7602e7d309795640e020a679f93dfd3cb890bc9073a8ead233ab5323c6e0551
SHA512: fd4ae7646c686e4032c80c2c36dade002cc9e2910069dde09952215e8ccbbbdea9cf40bc1bf14005675aed322627582713a2a4344ee5d209ddd239b12fcde3de
suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext