General
- Target: dce983778e604b799e0470fd69e833f2
- Size: 174KB
- Sample: 220121-xkskyabadl
- MD5: dce983778e604b799e0470fd69e833f2
- SHA1: b97b22599b0b87bab09f24a7531c89d4cf35f5c2
- SHA256: 2d40f472fa610ec9068b1bb4d057ca2293e2389fe7915acd2237b6df85e9b6b3
- SHA512: bac7da0e8730d35e1c160c22e578c93f70a7d75cf700874b8ab485b3c0056848e6c39ebe19f8dafe19dd8b379b4fb655c974593782a1a181172a735ca88a5416
Static task: static1
Behavioral task: behavioral1
- Sample: dce983778e604b799e0470fd69e833f2.exe
- Resource: win7-en-20211208
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: oh75
- Domains (65 entries; FormBook stores its real C2 alongside decoy domains and beacons to several of them, and the flattened list below does not preserve which entry was labelled C2 and which decoy):
denizgidam.com
6cc06.com
charlottewaldburgzeil.com
medijanus.com
qingdaoyiersan.com
datcabilgisayar.xyz
111439d.com
xn--1ruo40k.com
wu6enxwcx5h3.xyz
vnscloud.net
brtka.xyz
showztime.com
promocoesdedezenbro.com
wokpy.com
chnowuk.online
rockshotscafe.com
pelrjy.com
nato-riness.com
feixiang-chem.com
thcoinexchange.com
fuelrescuereponse.com
digitaltunic.com
cellefill.com
paulbau.com
camillebeckman.xyz
ilico-media.com
603sa.com
firstechfedcu.com
koreaglp.com
thebeardedbrocksblends.com
musumeya-kotora.com
tocoteacanada.com
travelwitharden.com
diversamenteclinica.com
bw613.com
qe46.com
spectrumelectrolysis.com
maloyenterprises.com
inovasyon.xyz
remijoe.com
petsgallie.com
metagiphydownload.online
tigerdieect.com
jamedomp.com
peninsularbottling.com
1383fx.com
pandeymasala.online
spoilnet.com
itweu.com
ankxbi.icu
lm-safe-keepingyuchand92.xyz
dreamdsjoceo.com
providentview.com
newchinafortpayne.com
wu6bvnrlz4ra.xyz
intrasvp.com
ghoul-ambrose.com
alltenexpress.com
oniray.com
sistemaparadrogaria.com
zeidrei514-nifty.xyz
excaliburteacher.com
jennyandsteven.com
zakcotransportationllc.com
wwwccsuresults.com
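The following is an added example and not part of the sandbox report: it turns the file hashes and the extracted domain list above into a check that can be run over proxy or DNS logs. The hashes and domains are copied from the report; the log format (`<timestamp> <client-ip> <method> <url>`), the log lines themselves and the function names are assumptions made for the demo. Hostnames are normalised (case, port, trailing dot, IDNA) so that a request to a subdomain such as www.denizgidam.com still matches the config entry denizgidam.com, while a look-alike such as www.ccsuresults.com does not match wwwccsuresults.com.

```python
"""IOC matching for the FormBook 4.1 / campaign oh75 sample in this report.

Added example, not part of the sandbox report. Hashes and domains are copied
from the report; the proxy log at the bottom is constructed for the demo.
"""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# File hashes from the report, lowercase hex.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "dce983778e604b799e0470fd69e833f2",
    "sha1": "b97b22599b0b87bab09f24a7531c89d4cf35f5c2",
    "sha256": "2d40f472fa610ec9068b1bb4d057ca2293e2389fe7915acd2237b6df85e9b6b3",
    "sha512": "bac7da0e8730d35e1c160c22e578c93f70a7d75cf700874b8ab485b3c0056848"
              "e6c39ebe19f8dafe19dd8b379b4fb655c974593782a1a181172a735ca88a5416",
}

# The 65 domains from the extracted config. FormBook mixes its real C2 with
# decoy domains and beacons to several of them, so every entry is an indicator.
CONFIG_DOMAINS = frozenset("""
denizgidam.com 6cc06.com charlottewaldburgzeil.com medijanus.com
qingdaoyiersan.com datcabilgisayar.xyz 111439d.com xn--1ruo40k.com
wu6enxwcx5h3.xyz vnscloud.net brtka.xyz showztime.com
promocoesdedezenbro.com wokpy.com chnowuk.online rockshotscafe.com
pelrjy.com nato-riness.com feixiang-chem.com thcoinexchange.com
fuelrescuereponse.com digitaltunic.com cellefill.com paulbau.com
camillebeckman.xyz ilico-media.com 603sa.com firstechfedcu.com
koreaglp.com thebeardedbrocksblends.com musumeya-kotora.com tocoteacanada.com
travelwitharden.com diversamenteclinica.com bw613.com qe46.com
spectrumelectrolysis.com maloyenterprises.com inovasyon.xyz remijoe.com
petsgallie.com metagiphydownload.online tigerdieect.com jamedomp.com
peninsularbottling.com 1383fx.com pandeymasala.online spoilnet.com
itweu.com ankxbi.icu lm-safe-keepingyuchand92.xyz dreamdsjoceo.com
providentview.com newchinafortpayne.com wu6bvnrlz4ra.xyz intrasvp.com
ghoul-ambrose.com alltenexpress.com oniray.com sistemaparadrogaria.com
zeidrei514-nifty.xyz excaliburteacher.com jennyandsteven.com zakcotransportationllc.com
wwwccsuresults.com
""".split())


def normalize_host(host: str) -> str:
    """Lowercase, drop userinfo/port/trailing dot, and IDNA-encode so a
    Unicode label compares equal to its xn-- (punycode) form in the config."""
    host = host.strip().lower().rstrip(".")
    host = host.rsplit("@", 1)[-1].split(":", 1)[0]
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass  # malformed IDN label: keep the literal string
    return host


def matching_domain(host: str) -> Optional[str]:
    """Return the config domain that host equals or sits under, else None.
    Walks parent domains on label boundaries, so www.denizgidam.com matches
    denizgidam.com but notdenizgidam.com does not; never tests a bare TLD."""
    labels = normalize_host(host).split(".")
    for i in range(len(labels) - 1):
        parent = ".".join(labels[i:])
        if parent in CONFIG_DOMAINS:
            return parent
    return None


URL_HOST = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client, requested host, matched config domain) for each hit.
    Assumed log format: one request per line, '<ts> <client-ip> <method> <url>'."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        m = URL_HOST.search(parts[3])
        if not m:
            continue
        hit = matching_domain(m.group(1))
        if hit:
            hits.append((parts[1], m.group(1), hit))
    return hits


def check_hashes(digests: Dict[str, str]) -> List[str]:
    """Given {algorithm: hexdigest} from any tool, return the algorithms whose
    digest matches the sample. Names and hex are compared case-insensitively."""
    return sorted(algo.lower() for algo, h in digests.items()
                  if SAMPLE_HASHES.get(algo.lower()) == h.strip().lower())


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four report hash types over in-memory file bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


# Constructed proxy log (not real traffic): lines 1, 2 and 4 hit config
# domains via a subdomain, an upper-cased punycode host and a host with a port.
CONSTRUCTED_LOG = """\
2022-01-21T10:00:01Z 10.0.0.15 GET http://www.denizgidam.com/index.php
2022-01-21T10:00:02Z 10.0.0.15 GET http://WWW.XN--1RUO40K.COM/index.php
2022-01-21T10:00:03Z 10.0.0.22 GET https://www.microsoft.com/
2022-01-21T10:00:04Z 10.0.0.15 GET http://1383fx.com:8080/index.php
"""

if __name__ == "__main__":
    for client, host, domain in scan_log(CONSTRUCTED_LOG):
        print(f"{client} -> {host} matches config domain {domain}")
    print("hash matches for dummy bytes:", check_hashes(hash_bytes(b"not the sample")))
```

A hit on any listed domain from an internal host is worth triage, because FormBook contacts decoy domains as well as its real C2. The reverse does not hold: decoy lists are padded with legitimate sites, so a single DNS lookup of one entry by itself is not proof of infection; correlate with the Suricata check-in alert and the host-level signatures listed under Targets.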
Targets
- Target: dce983778e604b799e0470fd69e833f2 (dce983778e604b799e0470fd69e833f2.exe, 174KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- suricata: ET MALWARE FormBook CnC Checkin (GET) (alerted twice)
- Formbook Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence)
- Suspicious use of SetThreadContext (typical of process injection / hollowing)