General
-
Target
37d6fe6c4a5668a8960683f776fcc4aa.exe
-
Size
1.3MB
-
Sample
211216-kkwldaccgn
-
MD5
37d6fe6c4a5668a8960683f776fcc4aa
-
SHA1
fb5ae3d64ca4051c4eaed570f362f80d96d9f7c2
-
SHA256
5cf30c00d7d4d16229204e0c969f26a1a0fa2f0067818d518a81d97123e277d9
-
SHA512
64f147fd4a4709901a0530293c2380c40b17d0fc1bc3ed6ca077b869d61462abb1f995cafd7489fea36e29475a9e2cf8ec53bc7a46327e25033761dd5b28676e
Static task
static1
Behavioral task
behavioral1
Sample
37d6fe6c4a5668a8960683f776fcc4aa.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
37d6fe6c4a5668a8960683f776fcc4aa.exe
Resource
win10-en-20211208
Malware Config
Extracted
formbook
4.1
vngb
omertalasvegas.com
payyep.com
modasportss.com
gestionestrategicadl.com
teamolemiss.club
geektranslate.com
versatileventure.com
athletic-hub.com
vitanovaretreats.com
padison8t.com
tutoeasy.com
ediblewholesale.com
kangrungao.com
satode.com
prohibitionfeeds.com
getmorevacations.com
blinkworldbeauty.com
kdlabsallr.com
almanasef.com
transportationservicellc.com
goodtime.photos
pkmpresensi.com
banddwoodworks.com
agoodhotel.com
sec-waliet.com
unitybookkeepingsolutions.com
msbyjenny.com
thefilipinostory.com
nez-care.com
jobsforjabless.com
joeyzelinka.com
springeqx.com
doubletreeankamall.com
tribal-treasures.com
kickbikedepot.com
ez.money
norpandco.com
alanavieira.online
studybugger.net
giaohangtietkiemhcm.com
soundlifeonline.com
mindbodyweightlossmethod.com
arcelius.one
executivecenterlacey.com
summergreenarea.com
skydaddy.guru
peblish.com
croworld.tools
99099888.com
48rmz6.biz
globalshadowboards.com
420doggy.com
sikratek.com
pradaexch9.com
fashionbusinessmanagement.com
givemeyouroil.com
recifetopschoolteacher.com
dealhay.net
bitpaa.com
insidersbyio.com
atheanas.com
projectcentered.com
mmj0115.xyz
yektaburgers.com
gvlc0.club
Targets
-
-
Target
37d6fe6c4a5668a8960683f776fcc4aa.exe
-
Size
1.3MB
-
MD5
37d6fe6c4a5668a8960683f776fcc4aa
-
SHA1
fb5ae3d64ca4051c4eaed570f362f80d96d9f7c2
-
SHA256
5cf30c00d7d4d16229204e0c969f26a1a0fa2f0067818d518a81d97123e277d9
-
SHA512
64f147fd4a4709901a0530293c2380c40b17d0fc1bc3ed6ca077b869d61462abb1f995cafd7489fea36e29475a9e2cf8ec53bc7a46327e25033761dd5b28676e
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Suspicious use of SetThreadContext
-