General
-
Target
001130.exe
-
Size
439KB
-
Sample
211203-qnysssggdl
-
MD5
146cd34f4c9b02b767b1fd650341e1c0
-
SHA1
25f7125f1e02d3addce794b435679159cd1a3225
-
SHA256
100a38f41bd7479fffee98011672258611db629db410d4ef622dc2b87ba5b6fe
-
SHA512
cfe7c0cc643a2e75038d199039b7603cc1e232016989ba10ca7a5b6760f74f1d7e635fa3f5b5f529504d62effa5782c289555c132e8b82110a2b18aa9d422147
Static task
static1
Behavioral task
behavioral1
Sample
001130.exe
Resource
win7-en-20211104
Malware Config
Extracted
formbook
4.1
u1bs
http://www.vgmpradio.com/u1bs/
ln-safe-keepingmisva4.xyz
rtfh.xyz
awolin.link
metadlf.com
cardboardcasual.com
psicoterapiahablada.com
spaminator.xyz
hnjqzl.top
dentalyinovasi.site
biosynblas.com
zvyk.store
shreevishwakarmaservices.com
showersplash.com
norbert-roth.com
londoncapitaltraders.com
istanbuldonerkebabheroncity.com
realdiscountsnow.com
marlinplumbingwnc.com
magazinadziavane.com
qantv.com
redcardinaldaycare.com
fevxok.com
avp-travaux.com
spielload.com
countrymen.net
loverizzi.online
verbandverse.com
esssc.icu
thealphabrains.com
sleep-lab.pro
fancysquat.com
santasdasd.com
28ssc4.icu
gordonmicah.xyz
readyviewerone.com
242plaza.com
lc-kassel-kurhessen.com
guzram.com
classicitystudios.com
nextvoicetech.com
conectadoseventovirtual.com
chollz.xyz
sdxhbl.com
wilopumps.store
netshopsceilingfans.com
econiq.us
wisconsinfarmstay.com
pharmacie-plaideux.com
kppservices.com
cashprotectionservices.com
365bet356.com
davidandanabelsellshomes.com
bvfymca.net
kakvototakova.com
4bosses700mcc.com
topgamesimple.xyz
neistovo-veliko.online
vespafarmingdale.com
newmexicotitlesearches.com
dunnsdispatching.com
caldirectloans.com
taxitienthanh.com
marabout-serieux-rapide.com
oxygenglobal.net
Targets
-
-
Target
001130.exe
-
Size
439KB
-
MD5
146cd34f4c9b02b767b1fd650341e1c0
-
SHA1
25f7125f1e02d3addce794b435679159cd1a3225
-
SHA256
100a38f41bd7479fffee98011672258611db629db410d4ef622dc2b87ba5b6fe
-
SHA512
cfe7c0cc643a2e75038d199039b7603cc1e232016989ba10ca7a5b6760f74f1d7e635fa3f5b5f529504d62effa5782c289555c132e8b82110a2b18aa9d422147
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-