General
Target: 4700011885 spirit airline spares purchase .pdforder-romaero.exe
Size: 321KB
Sample: 211206-2ng1tsfcgk
MD5: 7ae49f98e2e99c48dc6c5e452c9b8dfd
SHA1: ab9c59a4c2b4e9cccea6b13789b390b118eec8b3
SHA256: e80a75b1e9f5e664617abc4f946d823f00d97de2266a742441aef3abed98ae84
SHA512: 098e6e5821142b3eae4c6281bb8487183ec240953c38d71a2cce3c8b9d476a7a52eb12ba7435cdca682f70785a4646643a8ad50e02f40cb450d183f15fc92d8e
Static task: static1
Behavioral task: behavioral1
Sample: 4700011885 spirit airline spares purchase .pdforder-romaero.exe
Resource: win7-en-20211104
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: vngb
C2: http://www.gvlc0.club/vngb/
Decoy domains:
omertalasvegas.com
payyep.com
modasportss.com
gestionestrategicadl.com
teamolemiss.club
geektranslate.com
versatileventure.com
athletic-hub.com
vitanovaretreats.com
padison8t.com
tutoeasy.com
ediblewholesale.com
kangrungao.com
satode.com
prohibitionfeeds.com
getmorevacations.com
blinkworldbeauty.com
kdlabsallr.com
almanasef.com
transportationservicellc.com
goodtime.photos
pkmpresensi.com
banddwoodworks.com
agoodhotel.com
sec-waliet.com
unitybookkeepingsolutions.com
msbyjenny.com
thefilipinostory.com
nez-care.com
jobsforjabless.com
joeyzelinka.com
springeqx.com
doubletreeankamall.com
tribal-treasures.com
kickbikedepot.com
ez.money
norpandco.com
alanavieira.online
studybugger.net
giaohangtietkiemhcm.com
soundlifeonline.com
mindbodyweightlossmethod.com
arcelius.one
executivecenterlacey.com
summergreenarea.com
skydaddy.guru
peblish.com
croworld.tools
99099888.com
48rmz6.biz
globalshadowboards.com
420doggy.com
sikratek.com
pradaexch9.com
fashionbusinessmanagement.com
givemeyouroil.com
recifetopschoolteacher.com
dealhay.net
bitpaa.com
insidersbyio.com
atheanas.com
projectcentered.com
mmj0115.xyz
yektaburgers.com
Targets
Target: 4700011885 spirit airline spares purchase .pdforder-romaero.exe (size and hashes as listed under General above)
Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext