General
-
Target
6b69aa9ccb11ee883edf10da3f6114cc37f37fc9.xlsx
-
Size
815KB
-
Sample
211206-nvpscsdhfp
-
MD5
d1e4e57c50f3f7917df39d4c241db7d6
-
SHA1
6b69aa9ccb11ee883edf10da3f6114cc37f37fc9
-
SHA256
6b876eb9b7f8e0a5a2c136c0557e8f7180cf1c0213a8f816b7625a629bd6f613
-
SHA512
9e4465e2f743f10a4aab4867fa45dc8dd073e087a222fa5a464966676dc6d4182d3dc29a9081b375a674b884aba19f76be2fa11091a9cca1a41840d2c3c05a7b
Static task
static1
Malware Config
Extracted
formbook
4.1
jy0b
http://www.filecrev.com/jy0b/
lamejorimagen.com
mykabukibrush.com
modgon.com
barefoottherapeutics.com
shimpeg.net
trade-sniper.com
chiangkhancityhotel.com
joblessmoni.club
stespritsubways.com
chico-group.com
nni8.xyz
searchtypically.online
jobsyork.com
bestsales-crypto.com
iqmarketing.info
bullcityphotobooths.com
fwssc.icu
1oc87s.icu
usdiesel.xyz
secrets2optimumnutrition.com
charlotte-s-creations.com
homenetmidrand.com
sytypij.xyz
tapehitsscriptsparty.com
adelenashville.com
greendylife.com
agbqs.com
lilcrox.xyz
thepersonalevolutionmaven.com
graciasmiangel.com
heidisgifts.com
flchimneyspecialists.com
yorkrehabclinic.com
cent-pour-centsons.com
marcoislandsupsurf.net
expressdiagnostics.info
surferjackproductions.com
duscopy.store
uekra.tech
campaigncupgunplant.xyz
cheetahadvance.com
blickosinski.icu
laketacostahoe.com
drippysupplyco.com
isomassagegun.com
clarition.com
andrew-pillar.com
truthbudgeting.com
cloudfixr.com
cfasministries.com
compliant-now-beta.com
kssc17.icu
plewabuilders.com
uslugi-email.site
167hours.com
sodo6697.com
voyagesify.com
ranodalei.com
culturao.com
littlepotato-id.com
integtiryhvacsanmateo.com
neatmounts.com
reddictnflstream.com
digistore-maya.com
Targets
-
-
Target
6b69aa9ccb11ee883edf10da3f6114cc37f37fc9.xlsx
-
Size
815KB
-
MD5
d1e4e57c50f3f7917df39d4c241db7d6
-
SHA1
6b69aa9ccb11ee883edf10da3f6114cc37f37fc9
-
SHA256
6b876eb9b7f8e0a5a2c136c0557e8f7180cf1c0213a8f816b7625a629bd6f613
-
SHA512
9e4465e2f743f10a4aab4867fa45dc8dd073e087a222fa5a464966676dc6d4182d3dc29a9081b375a674b884aba19f76be2fa11091a9cca1a41840d2c3c05a7b
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-