General
- Target: 5aad2b6635b3069402aaf6ff389bea64
- Size: 21KB
- Sample: 211125-tvsrxafgbr
- MD5: 5aad2b6635b3069402aaf6ff389bea64
- SHA1: a8617ddffd6c934fcf3f64c6e84b1a23ffa9d092
- SHA256: 718dcc870c0de487595feed4e5e43dc70fba6fa2aaac15462c0ba5c20028e7bd
- SHA512: 2bcdcc3775f8d2a163b8b564232a5839fe625b8ab7f8b6de613b57abf436e6acb095d5bc2a081e966aa4422a9edb9a81df031d4da40add21cef4404aa45a5d3d
Static task: static1
Behavioral task: behavioral1
- Sample: 5aad2b6635b3069402aaf6ff389bea64.rtf
- Resource: win7-en-20211104
Behavioral task: behavioral2
- Sample: 5aad2b6635b3069402aaf6ff389bea64.rtf
- Resource: win10-en-20211104
Malware Config
Extracted
formbook
4.1
9gr5
http://www.cuteprofessionalscrubs.com/9gr5/
newleafcosmetix.com
richermanscastle.com
ru-remonton.com
2diandongche.com
federaldados.design
jeffreycookweb.com
facecs.online
xmeclarn.xyz
olgasmith.xyz
sneakersonlinesale.com
playboyshiba.com
angelamiglioli.com
diitaldefynd.com
whenevergames.com
mtheartcustom.com
vitalactivesupply.com
twistblogr.com
xn--i8s140at3d6u7c.tel
baudelaireelhakim.com
real-estate-miami-searcher.site
131122.xyz
meta-medial.com
carvanaworkers.com
mimamincloor.com
aglutinarteshop.com
portal-arch.com
mandeide.com
golfteesy.com
carteretcancer.center
cuansamping.com
jhhnet.com
oetthalr.xyz
toesonly.com
ctbizmag.com
searchonzippy.com
plantedapts.com
matoneg.online
takened.xyz
meta4.life
africanizedfund.com
jukeboxjason.com
folez.online
troddu.com
802135.com
guiamat.net
gladiasol.com
meditationandyogacentre.com
metaverserealestateagent.com
boogyverse.net
melissa-mochafest.com
cozsweeps.com
pickles-child.com
metaversemediaschool.com
ahfyfz.com
ses-coating.com
pozada.biz
loldollmagic.com
mountfrenchlodge.net
25680125.xyz
inusuklearning.com
dnteagcud.xyz
yupan.site
acloud123.xyz
asadosdonchorizo.com
Targets
- Target: 5aad2b6635b3069402aaf6ff389bea64
- Size: 21KB
- MD5: 5aad2b6635b3069402aaf6ff389bea64
- SHA1: a8617ddffd6c934fcf3f64c6e84b1a23ffa9d092
- SHA256: 718dcc870c0de487595feed4e5e43dc70fba6fa2aaac15462c0ba5c20028e7bd
- SHA512: 2bcdcc3775f8d2a163b8b564232a5839fe625b8ab7f8b6de613b57abf436e6acb095d5bc2a081e966aa4422a9edb9a81df031d4da40add21cef4404aa45a5d3d
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext