General
- Target: Telex.exe
- Size: 652KB
- Sample: 211118-ryvdssebem
- MD5: 6c7b34d88d3bba58c6490c997bd1fb1b
- SHA1: afc40c510db61d4bc695ff65b58453d43875cc1e
- SHA256: 4619bb3a67886541c23eea2bf4eda904ba034846c039aad7c2958a7b915d3db3
- SHA512: 8c4c44e9924cad878dfa4c7a5fef110d845a23bf1a9ca00d816da6738e7e9bf2f5eb3d0d270a21603cf6ce9e6529afb704ea030b21c90790dc872193ad8b4fb7

Static task: static1

Behavioral task: behavioral1
- Sample: Telex.exe
- Resource: win7-en-20211014

Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: ob7y
- C2: http://www.metanewsroom.net/ob7y/
- Decoys: 64 domains
Targets
- Target: Telex.exe (652KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext