General
-
Target
mpomzx.exe
-
Size
309KB
-
Sample
211125-vaxe2afggq
-
MD5
586f7a1895ea47a462b1d5f6a43fcd33
-
SHA1
c41cd420af421d31faede9294af1a2edc638d543
-
SHA256
1358d88e078f1c59b546256968179bf213928f1e6f4e7afa255681b2cd8f92a2
-
SHA512
2783c07faa3bba31c1a8bdc83ce338ea43ccb044f0af5adf2ede8b8f4534b86536f069b35fad8d6ed4413cc86fac0121632e9db39de919275403547ebff1a130
Static task
static1
Behavioral task
behavioral1
Sample
mpomzx.exe
Resource
win7-en-20211014
Malware Config
Extracted
formbook
4.1
vngb
http://www.gvlc0.club/vngb/
omertalasvegas.com
payyep.com
modasportss.com
gestionestrategicadl.com
teamolemiss.club
geektranslate.com
versatileventure.com
athletic-hub.com
vitanovaretreats.com
padison8t.com
tutoeasy.com
ediblewholesale.com
kangrungao.com
satode.com
prohibitionfeeds.com
getmorevacations.com
blinkworldbeauty.com
kdlabsallr.com
almanasef.com
transportationservicellc.com
goodtime.photos
pkmpresensi.com
banddwoodworks.com
agoodhotel.com
sec-waliet.com
unitybookkeepingsolutions.com
msbyjenny.com
thefilipinostory.com
nez-care.com
jobsforjabless.com
joeyzelinka.com
springeqx.com
doubletreeankamall.com
tribal-treasures.com
kickbikedepot.com
ez.money
norpandco.com
alanavieira.online
studybugger.net
giaohangtietkiemhcm.com
soundlifeonline.com
mindbodyweightlossmethod.com
arcelius.one
executivecenterlacey.com
summergreenarea.com
skydaddy.guru
peblish.com
croworld.tools
99099888.com
48rmz6.biz
globalshadowboards.com
420doggy.com
sikratek.com
pradaexch9.com
fashionbusinessmanagement.com
givemeyouroil.com
recifetopschoolteacher.com
dealhay.net
bitpaa.com
insidersbyio.com
atheanas.com
projectcentered.com
mmj0115.xyz
yektaburgers.com
Targets
-
-
Target
mpomzx.exe
-
Size
309KB
-
MD5
586f7a1895ea47a462b1d5f6a43fcd33
-
SHA1
c41cd420af421d31faede9294af1a2edc638d543
-
SHA256
1358d88e078f1c59b546256968179bf213928f1e6f4e7afa255681b2cd8f92a2
-
SHA512
2783c07faa3bba31c1a8bdc83ce338ea43ccb044f0af5adf2ede8b8f4534b86536f069b35fad8d6ed4413cc86fac0121632e9db39de919275403547ebff1a130
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-