General
Target: ORDER_26.EXE
Size: 1007KB
Sample: 220126-jv3a8safgr
MD5: 2a7891d958327a9c60b079ee3d487fd8
SHA1: fd828cc4ac3c2e8dd0319b146c0886677543c5d3
SHA256: 0fcca302c4bcf8f490650685b46d1ea92edcb126aaf959c4b8ad0897511ee7d5
SHA512: 945e51519051fa89023cf74e3935ae1a2ab98d5f758529908829e7b604c9cff56dd38af4446558d97fa8f918601e19e5c9ddb736578969768ae69966f163290f
Static task: static1
Behavioral task: behavioral1
Sample: ORDER_26.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: je16
C2 domains:
antonavt.com
sdfvlog.xyz
xn--arbetslivsaktren-ywb.com
propelcolor.com
uniqueclsssiccars.com
colorbells.com
synjive.com
cloudymellows.com
walltage.com
qterps.com
kezorup.online
soakedindelight.online
thefirstgroupscam.biz
miclanka.com
mwm-security.com
trinksaifenradiodocumentary.com
spineklinik.com
javacodecafe.com
groovyrelease-toknowtoday.info
ventadesillasymesas.com
metaheaven.global
supershhhbros.com
tradecardsbtz.com
parcel-alert-redelivery.com
manoncollinet.com
yfsallegiance.com
my12127.com
connectedmk.com
m7ssucx.xyz
chefjeffrecipes.com
tgogziae.com
xu7d7mfh6fht.xyz
cdamanagementservices.com
tampanazareno.com
albanybestbuyers.com
cowboychannellpus.com
dreamyhousewife.com
wu8jvohkp12w.xyz
mohaisen.xyz
s-h-a-h.com
hainanmizhi.xyz
hypedrize.com
77hub.cloud
phxpowdercoating.com
vozeestore.com
infostate.store
woshinidie1990.com
riskfreeenergy.com
southernfreelancersph.com
smithstores.net
cryptopal.xyz
xk8abxci6ogf.xyz
explainersadvids.team
ponpesihsaniyah.com
szabossteakandseafood.com
willtuckfinancial.com
unitedwii.com
thenftlotterys.com
599qu.com
threegalasdesigns.com
bedplot.xyz
liquidministry.store
amazingfactsabouteverything.com
wofdex.com
wakilin.com
Targets
Target: ORDER_26.EXE
Size: 1007KB
MD5: 2a7891d958327a9c60b079ee3d487fd8
SHA1: fd828cc4ac3c2e8dd0319b146c0886677543c5d3
SHA256: 0fcca302c4bcf8f490650685b46d1ea92edcb126aaf959c4b8ad0897511ee7d5
SHA512: 945e51519051fa89023cf74e3935ae1a2ab98d5f758529908829e7b604c9cff56dd38af4446558d97fa8f918601e19e5c9ddb736578969768ae69966f163290f

suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext