General
-
Target
PO_0008610326.exe
-
Size
514KB
-
Sample
211118-nlkgaacfen
-
MD5
fb6533a557c91fe2666ec0c83c8d2222
-
SHA1
aafc569c743b5ceff8c83483516deb8b5a6661ab
-
SHA256
092136c57be5920feea805d61d41b309ba138c209b8e22e7f3edc7c5fd2c3422
-
SHA512
ec80fb0daee225678319dd180efa8681b2885e3a94ab8173bfee08d813a0a6b8c43e6399c538cf55d44328ee4391e9d23c6483cc21b67bbdd5902870e9e2c53d
Static task
static1
Behavioral task
behavioral1
Sample
PO_0008610326.exe
Resource
win7-en-20211104
Malware Config
Extracted
formbook
4.1
dn7r
http://www.yourherogarden.net/dn7r/
eventphotographerdfw.com
thehalalcoinstaking.com
philipfaziofineart.com
intercoh.com
gaiaseyephotography.com
chatbotforrealestate.com
lovelancemg.com
marlieskasberger.com
elcongoenespanol.info
lepirecredit.com
distribution-concept.com
e99game.com
exit11festival.com
twodollartoothbrushclub.com
cocktailsandlawn.com
performimprove.network
24horas-telefono-11840.com
cosmossify.com
kellenleote.com
perovskite.energy
crosschain.services
xiwanghe.com
mollycayton.com
bonipay.com
uuwyxc.com
viberiokno-online.com
mobceo.com
menzelna.com
tiffaniefoster.com
premiumautowesthartford.com
ownhome.house
bestmartinshop.com
splashstoreofficial.com
guidemining.com
ecshopdemo.com
bestprinting1.com
s-circle2020.com
ncagency.info
easydigitalzone.com
reikiforthecollective.com
theknottteam.com
evolvedpixel.com
japxo.online
ryansqualityrenovations.com
dentimagenquito.net
pantherprints.co.uk
apoporangi.com
thietkemietvuon.net
ifernshop.com
casaruralesgranada.com
camp-3saumons.com
eddsucks.com
blwcd.com
deldlab.com
susanperb.com
autosanitizingsolutions.com
femhouse.com
ironcageclash.com
thekinghealer.com
shaghayeghbovand.com
advertfaces.com
lonriley.com
mased-world.online
mythicspacex.com
Targets
-
-
Target
PO_0008610326.exe
-
Size
514KB
-
MD5
fb6533a557c91fe2666ec0c83c8d2222
-
SHA1
aafc569c743b5ceff8c83483516deb8b5a6661ab
-
SHA256
092136c57be5920feea805d61d41b309ba138c209b8e22e7f3edc7c5fd2c3422
-
SHA512
ec80fb0daee225678319dd180efa8681b2885e3a94ab8173bfee08d813a0a6b8c43e6399c538cf55d44328ee4391e9d23c6483cc21b67bbdd5902870e9e2c53d
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-