General
Target: SALARY_RECEIPT.exe
Size: 467KB
Sample: 211205-k816rsccdm
MD5: bc1e02654c209a6a8bac1114714e28d8
SHA1: f04b3ce4e1ac91731d46d93c4e30335a8ff7385d
SHA256: 041f3f888d5db058bb92e459a72fd55ed5c6aea6ffbfdcad620896d67c4a5c63
SHA512: dec77f32a44333c41f1ef6164c39e2f288e3b4c15675e87e67ca7338ec27e7ebb906bf2e4f72ab4b06cb903c92afc37771f21a8f95b83f8819fcce1fb2168552
Static task: static1
Behavioral task: behavioral1
Sample: SALARY_RECEIPT.exe
Resource: win7-en-20211014
Malware Config
Extracted: formbook
Version: 4.1
Campaign ID: b3n1
C2 URL: http://www.teslabotnews.com/b3n1/
Targets
Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext