General

Target: Ipahtnlwocyaqoffrglyqcoirkzejlxvhh.exe
Size: 915KB
Sample ID: 220124-t9ehtsfhcr
MD5: 1c2de2d34e6b111a8d34a1628a38e86c
SHA1: 8f3b4eb58153f5b4e0f18242d1d440326c1abe09
SHA256: b83152fc7fc7aa9950add1de9c3d12e107e3b6eb481c1a368018ed26d3792cdc
SHA512: 18a0c2547f8654a75d15f268d969f7bebb4a2b959ba4d718d66c5e84afa8f11fc3caf885b646af999eaf4643097cbaacb5137722d0bd1ded8553c93e0e9e4006
Static task: static1

Behavioral task: behavioral1
  Sample: Ipahtnlwocyaqoffrglyqcoirkzejlxvhh.exe
  Resource: win7-en-20211208

Behavioral task: behavioral2
  Sample: Ipahtnlwocyaqoffrglyqcoirkzejlxvhh.exe
  Resource: win10-en-20211208
Malware Config

Extracted family: formbook
Version: 4.1
Campaign: gmfe
Domains in the extracted configuration (65 entries, listed exactly as extracted; FormBook is known to pad its configuration with decoy domains alongside the live C2, so confirm which entries are attacker infrastructure before blocking):
boldaerospace.com
oleeoe.com
aucreuxducoeur.one
fatbellytonic.com
newfrontiermining.net
iphone13promax.guide
meltingpotspot.com
zuinigerijder.com
sigmagrup.com
thehekadivine.com
once-only.online
variouselectricianservice.com
xn--oy2b9rj5qfzo85aro.com
wuzuiso.com
inoutinsurance.xyz
company-intel.net
apppromaguginybuo.com
st666.tech
k-reborn-okayama.com
realteenpattix.com
carenowgroup.com
tmt-vollaile.com
giesinger-wohnbau.com
ditrixmed.store
paycomrade.com
vejetaceci.quest
pietrocaruso.net
selectiveshrooms.com
bestoflakegeorge.guide
programchi.com
duogongnenggan.com
nimbletor.com
colchonesstorremolinos.com
oslokolen.com
crystallbrightserum.store
mbxprtz.com
premiumgelsin.com
harsors.com
christmastreelady.com
farmivet.com
chuanqi123.xyz
rencosolutions.com
naturalesales.com
wittmannguns.com
xn--ef5bu9n0ob.com
bisallrd.com
maklerkola.quest
ihi7diuz.xyz
healthsupplyworldwide.com
kyleejenner.com
searpenter.com
toystoyskids.com
wkec.online
centerforhospiceeducation.com
shegemaispersada.com
lootproject.digital
beritcustomhomes.com
bloompsychservices.com
skylikewebsite.website
shibeifeng.com
cstingche.com
jaspirations.com
lilymarketvn.com
teastoner.com
marketingworksonhold.com
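The following Python script is an added example and is not part of the sandbox report. It takes the domain list above verbatim, decodes the two punycode (xn--) entries for readability, searches DNS log lines for exact-domain or subdomain matches, and emits Suricata dns.query rules that complement the ET FormBook C2 check-in alert the sandbox fired. The log lines, their qname= field layout, the timestamps and the SID range are constructed or assumed for the demo. Because FormBook mixes decoys into this list, a hit is a hunting lead to confirm, not proof that the queried domain is attacker-controlled.

```python
"""Hunting helpers for the FormBook domain list extracted from this sample.

Added example, not part of the sandbox report. FORMBOOK_DOMAINS is copied verbatim
from the report's "Malware Config" section; the DNS log lines, their field layout
(qname=...) and the Suricata SID range are constructed/assumed for the demo.
"""
import re
from typing import Iterable, List, Tuple

FORMBOOK_DOMAINS = [
    "boldaerospace.com", "oleeoe.com", "aucreuxducoeur.one",
    "fatbellytonic.com", "newfrontiermining.net", "iphone13promax.guide",
    "meltingpotspot.com", "zuinigerijder.com", "sigmagrup.com",
    "thehekadivine.com", "once-only.online", "variouselectricianservice.com",
    "xn--oy2b9rj5qfzo85aro.com", "wuzuiso.com", "inoutinsurance.xyz",
    "company-intel.net", "apppromaguginybuo.com", "st666.tech",
    "k-reborn-okayama.com", "realteenpattix.com", "carenowgroup.com",
    "tmt-vollaile.com", "giesinger-wohnbau.com", "ditrixmed.store",
    "paycomrade.com", "vejetaceci.quest", "pietrocaruso.net",
    "selectiveshrooms.com", "bestoflakegeorge.guide", "programchi.com",
    "duogongnenggan.com", "nimbletor.com", "colchonesstorremolinos.com",
    "oslokolen.com", "crystallbrightserum.store", "mbxprtz.com",
    "premiumgelsin.com", "harsors.com", "christmastreelady.com",
    "farmivet.com", "chuanqi123.xyz", "rencosolutions.com",
    "naturalesales.com", "wittmannguns.com", "xn--ef5bu9n0ob.com",
    "bisallrd.com", "maklerkola.quest", "ihi7diuz.xyz",
    "healthsupplyworldwide.com", "kyleejenner.com", "searpenter.com",
    "toystoyskids.com", "wkec.online", "centerforhospiceeducation.com",
    "shegemaispersada.com", "lootproject.digital", "beritcustomhomes.com",
    "bloompsychservices.com", "skylikewebsite.website", "shibeifeng.com",
    "cstingche.com", "jaspirations.com", "lilymarketvn.com",
    "teastoner.com", "marketingworksonhold.com",
]


def normalize(domain: str) -> str:
    """Lower-case, drop a trailing dot and IDNA-encode Unicode labels, so that
    'ONCE-ONLY.online.' or a Unicode form of an xn-- name compares equal to the list."""
    d = domain.strip().rstrip(".").lower()
    try:
        return d.encode("idna").decode("ascii")
    except UnicodeError:
        return d


def to_unicode_label(domain: str) -> str:
    """Decode punycode (xn--) labels for the analyst's eyes; return the name
    unchanged if it does not round-trip (Python's idna codec raises on bad labels)."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


# Assumed log layout: key=value fields, the queried name in 'qname='.
QNAME_RE = re.compile(r"\bqname=(?P<q>[A-Za-z0-9.\-]+)")


def scan_dns_log(lines: Iterable[str],
                 watchlist: Iterable[str] = FORMBOOK_DOMAINS) -> List[Tuple[int, str, str]]:
    """Return (line_no, queried_name, matched_domain) for every query that is one
    of the listed domains or a subdomain of one (www.foo.com matches foo.com,
    notfoo.com does not)."""
    watch = {normalize(d) for d in watchlist}
    hits = []
    for n, line in enumerate(lines, 1):
        m = QNAME_RE.search(line)
        if not m:
            continue
        q = normalize(m.group("q"))
        for d in watch:
            if q == d or q.endswith("." + d):
                hits.append((n, q, d))
                break
    return hits


def suricata_dns_rules(domains: Iterable[str] = FORMBOOK_DOMAINS,
                       base_sid: int = 9000000) -> List[str]:
    """Emit one Suricata 5+ dns.query rule per domain. base_sid is a placeholder;
    use a SID range reserved for local rules."""
    rules = []
    for i, d in enumerate(sorted(normalize(x) for x in domains)):
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"LOCAL FormBook config domain {d}"; '
            f'dns.query; content:"{d}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        )
    return rules


# Constructed DNS log: one host resolving a listed name as a www. subdomain, one with
# odd casing and a trailing dot, one punycode entry, and two names that must not match.
SAMPLE_DNS_LOG = [
    "2022-01-24T09:12:01Z src=10.0.4.23 qname=www.boldaerospace.com qtype=A",
    "2022-01-24T09:12:01Z src=10.0.4.23 qname=updates.microsoft.com qtype=A",
    "2022-01-24T09:12:02Z src=10.0.4.23 qname=ONCE-ONLY.online. qtype=A",
    "2022-01-24T09:12:02Z src=10.0.4.23 qname=notboldaerospace.com qtype=A",
    "2022-01-24T09:12:03Z src=10.0.4.23 qname=xn--ef5bu9n0ob.com qtype=A",
]

if __name__ == "__main__":
    for n, q, d in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"line {n}: {q} -> {d} ({to_unicode_label(d)})")
    print("\n".join(suricata_dns_rules()[:2]))
```

The subdomain match is deliberate: FormBook samples are commonly observed contacting a www. host under the configured domain, and a plain equality check would miss it. Before loading the emitted rules, drop the entries you have confirmed to be decoys pointing at legitimate sites, or expect noise.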
Targets

Target: Ipahtnlwocyaqoffrglyqcoirkzejlxvhh.exe (915KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Suricata alerts:
  ET MALWARE FormBook CnC Checkin (GET) (x2)

Behavioral signatures:
  Formbook Payload
  Executes dropped EXE
  Loads dropped DLL
  Adds Run key to start application (persistence through a Run registry key)
  Suspicious use of SetThreadContext (commonly seen in process injection and hollowing)