General
-
Target
SCAMPMT.EXE
-
Size
431KB
-
Sample
220126-kycenabbfp
-
MD5
067e3e5b267e1c65a9e633ee3c3bd3d0
-
SHA1
3d0ef11080a29070a41f7b97c64cd04f45a147ee
-
SHA256
138885bb6b68014d53469fa9ce85505960e780a2953c13d4bee23d87f0db1563
-
SHA512
4487df8a859d6f2b40be64a7e516c9135eb703ac03fe694c297a241c6b710a3b84face067f2faac566f44d35a77be377b455c29e317b45baa3b6769564c67588
Static task
static1
Behavioral task
behavioral1
Sample
SCAMPMT.exe
Resource
win7-en-20211208
Malware Config
Extracted
formbook
4.1
b3n1
alexandragrows.com
shellload.com
stanleyrorke.com
glasurit.us
facebookismetaverse.com
astoundingaffairs.com
facom.us
dysonsaleoutlet.us
obtengaunitedhealthcare.com
sebastianroofrepairs.com
saltvent.com
littleonesclub.com
webamazoncardshopmail.xyz
lutam.xyz
myfirstpsgame.com
comline.cloud
valueinsightfororacle.com
congregacionansestral.com.co
paypal-uk.xyz
facebookversuzmeta.com
hyveone.com
metaisfacebook.com
wordpressversnellen.com
sunnyleoneporn.xyz
firstfrontstudios.com
heytechmarketing.com
metaversefacebook.net
zirsys.com
pmstnly.com
metafacebooksnewname.com
theagency.black
freemetasitebuilder.com
tesla88.vin
thebitcoinfuturesetfs.com
mygiftedaffairs.com
qrbconsulting.info
gpactive.com
facebookvsmeta.com
poele-shop.fr
firstcallindia.xyz
uhcecetr.xyz
informital.com
areyouongoogle.com
lymou.com
firstlightadventuretour.com
feed-supportives.com
chasesecurobanking.com
prestigioinformativo.com
blogkaisebanayehindimejane.com
freedomto.co
oneonemeta.com
joinclosify.co
unitedkingdommeta.com
alexandrathiele.com
xn--wellsfarg-o7a.com
rockstarsyard.com
acd-informatique.fr
firststopbusinesses.com
loisirs-et-spectacles.com
babymassage.us
5ggooglecloud.com
gameone10668.com
parkdomainforsale.com
riverbcastmake.net
teslabotnews.com
Targets
-
-
Target
SCAMPMT.EXE
-
Size
431KB
-
MD5
067e3e5b267e1c65a9e633ee3c3bd3d0
-
SHA1
3d0ef11080a29070a41f7b97c64cd04f45a147ee
-
SHA256
138885bb6b68014d53469fa9ce85505960e780a2953c13d4bee23d87f0db1563
-
SHA512
4487df8a859d6f2b40be64a7e516c9135eb703ac03fe694c297a241c6b710a3b84face067f2faac566f44d35a77be377b455c29e317b45baa3b6769564c67588
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-