General
-
Target
Order Inquiry.exe
-
Size
526KB
-
Sample
211116-rykjlabbfn
-
MD5
23ee05d66d0b6a4706506a263e4a3552
-
SHA1
a48d889ed30eba5528d7fbb5d93d3fc22b64f6dc
-
SHA256
feb16d3790c5cec4010ef58c9a3d1fe211b5aef00ed28d0681b1a92bcfc2ca17
-
SHA512
ed435fb60109f43ecfd392dd9c47ae069423b04c2e06fed8b4789a4989c67fe1b30ad66fefb76b79e22ed65f4508e93f8631e0cb8529a126e44e5307917e05f2
Static task
static1
Behavioral task
behavioral1
Sample
Order Inquiry.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
dn7r
http://www.yourherogarden.net/dn7r/
eventphotographerdfw.com
thehalalcoinstaking.com
philipfaziofineart.com
intercoh.com
gaiaseyephotography.com
chatbotforrealestate.com
lovelancemg.com
marlieskasberger.com
elcongoenespanol.info
lepirecredit.com
distribution-concept.com
e99game.com
exit11festival.com
twodollartoothbrushclub.com
cocktailsandlawn.com
performimprove.network
24horas-telefono-11840.com
cosmossify.com
kellenleote.com
perovskite.energy
crosschain.services
xiwanghe.com
mollycayton.com
bonipay.com
uuwyxc.com
viberiokno-online.com
mobceo.com
menzelna.com
tiffaniefoster.com
premiumautowesthartford.com
ownhome.house
bestmartinshop.com
splashstoreofficial.com
guidemining.com
ecshopdemo.com
bestprinting1.com
s-circle2020.com
ncagency.info
easydigitalzone.com
reikiforthecollective.com
theknottteam.com
evolvedpixel.com
japxo.online
ryansqualityrenovations.com
dentimagenquito.net
pantherprints.co.uk
apoporangi.com
thietkemietvuon.net
ifernshop.com
casaruralesgranada.com
camp-3saumons.com
eddsucks.com
blwcd.com
deldlab.com
susanperb.com
autosanitizingsolutions.com
femhouse.com
ironcageclash.com
thekinghealer.com
shaghayeghbovand.com
advertfaces.com
lonriley.com
mased-world.online
mythicspacex.com
Targets
-
-
Target
Order Inquiry.exe
-
Size
526KB
-
MD5
23ee05d66d0b6a4706506a263e4a3552
-
SHA1
a48d889ed30eba5528d7fbb5d93d3fc22b64f6dc
-
SHA256
feb16d3790c5cec4010ef58c9a3d1fe211b5aef00ed28d0681b1a92bcfc2ca17
-
SHA512
ed435fb60109f43ecfd392dd9c47ae069423b04c2e06fed8b4789a4989c67fe1b30ad66fefb76b79e22ed65f4508e93f8631e0cb8529a126e44e5307917e05f2
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-