General
Target: roo3t46.exe_
Size: 247KB
Sample: 220127-vn9mhsgcbp
MD5: 3c96571096bf0cb7e3ab94ebbb5a5e6e
SHA1: e2eceeb56bc9488599a1258a768902949d6eb2f1
SHA256: c729aff36bcb598af78110b8f93e368103d89f281b2eabbc51949bf2e444a872
SHA512: 84210e059eb31cf8f163ed58edc7e1057793e79a54f09eeb503613f63ec50baf05736179ceea808e6a6ebfee0198faff973f65ab47fb5189436153c13379db9c
Static task: static1
Behavioral task: behavioral1
Sample: roo3t46.exe
Resource: win10-en-20211208
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: rv12
C2 domains (65 entries; Formbook pads its configuration with decoy domains, so only a subset of these are live C2 and a hit on any one of them is a triage lead rather than confirmation):
alsahger-store.com
luoboapp1.com
zjblmp.com
alreem-mall.com
wholesalemakeupmiamigarden.com
getevencattlecompany.com
fttmachinery.com
rauqe2m.xyz
pikeddetail-toglancetoday.info
apparessenza.com
g2367.com
advid-creativ.agency
mariobet399.com
seaforesthealth.com
autopilotinjury.net
jinchengdingjs.com
pigeoncontrolfarmington.com
mallorganicwealthgive.com
shicclothing.com
diwakarredhu.com
degenerated.xyz
sinwaeh.online
terrasconcept.com
quintasyranchosvip.com
isstuplennobuyno.xyz
web-news24.com
stellavonna.com
mdhandymanservices.com
proelitegaming.com
aivaras.xyz
jiangsuaituo.com
f1-metaverse.com
xn--nicorn-2ya.com
stoolhops.com
zbdu.info
wwg1wga.space
oakridgeranch.net
housetter.site
built-rite-mfg.com
byronfastfoodsaberdeen.com
xk8blvb0a7il.xyz
qgyp.xyz
duoyuns.com
cancerdietplan.com
dqczwmhg.com
fermecoopdumoulin.com
hopeu.info
dubstepisbad.com
neosoultrain.com
globaldigitalcity.asia
duijntractors.com
tsbqzlpnl.store
lipstikinc.com
ckllective.xyz
tljykj.com
mmjsnz.com
elregionalperiodico.com
canxs58c.xyz
enrobloxnuy.xyz
thelightshows.com
michaelkaack.com
aipharaohnft.com
mynextrealtor.com
fasthvacsolutions.com
talkingcakes.xyz
Targets
Target: roo3t46.exe_
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Sets service image path in registry
Loads dropped DLL
Suspicious use of SetThreadContext (redirects a thread in another process; typical of process injection and hollowing)
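The extracted C2 domain list and the Suricata check-in hits are the parts of this report a defender acts on. The script below is an added example, not part of the sandbox output: it copies the config domains and file hashes from the report, normalises hostnames the way a DNS log presents them (mixed case, trailing dot, IDN labels such as the xn--nicorn-2ya.com entry), matches queries against the config including subdomains while rejecting near misses like notzbdu.info, emits one Suricata dns.query rule per domain (Suricata 5+ syntax is assumed), and checks a file's digests against the report. The DNS log lines, client addresses and the helper names normalize_domain, match_c2, scan_dns_log, suricata_dns_rules and hashes_match are constructed for illustration. Because Formbook pads its config with decoy domains, a single query hit is a lead to triage, not proof of live C2 traffic.

```python
"""Added example, not part of the sandbox report: turn the extracted
Formbook config into detection artifacts. Domains and hashes are copied
from the report; the log lines, addresses and helper names are constructed."""
import hashlib
import re

# Formbook 4.1 / rv12 config from the report. Formbook pads this list with
# decoy domains, so a query to one of them is a lead, not proof of C2.
C2_DOMAINS = """
alsahger-store.com luoboapp1.com zjblmp.com alreem-mall.com
wholesalemakeupmiamigarden.com getevencattlecompany.com fttmachinery.com
rauqe2m.xyz pikeddetail-toglancetoday.info apparessenza.com g2367.com
advid-creativ.agency mariobet399.com seaforesthealth.com autopilotinjury.net
jinchengdingjs.com pigeoncontrolfarmington.com mallorganicwealthgive.com
shicclothing.com diwakarredhu.com degenerated.xyz sinwaeh.online
terrasconcept.com quintasyranchosvip.com isstuplennobuyno.xyz web-news24.com
stellavonna.com mdhandymanservices.com proelitegaming.com aivaras.xyz
jiangsuaituo.com f1-metaverse.com xn--nicorn-2ya.com stoolhops.com zbdu.info
wwg1wga.space oakridgeranch.net housetter.site built-rite-mfg.com
byronfastfoodsaberdeen.com xk8blvb0a7il.xyz qgyp.xyz duoyuns.com
cancerdietplan.com dqczwmhg.com fermecoopdumoulin.com hopeu.info
dubstepisbad.com neosoultrain.com globaldigitalcity.asia duijntractors.com
tsbqzlpnl.store lipstikinc.com ckllective.xyz tljykj.com mmjsnz.com
elregionalperiodico.com canxs58c.xyz enrobloxnuy.xyz thelightshows.com
michaelkaack.com aipharaohnft.com mynextrealtor.com fasthvacsolutions.com
talkingcakes.xyz
""".split()

SAMPLE_HASHES = {  # digests of roo3t46.exe_ as listed in the report
    "md5": "3c96571096bf0cb7e3ab94ebbb5a5e6e",
    "sha1": "e2eceeb56bc9488599a1258a768902949d6eb2f1",
    "sha256": "c729aff36bcb598af78110b8f93e368103d89f281b2eabbc51949bf2e444a872",
    "sha512": "84210e059eb31cf8f163ed58edc7e1057793e79a54f09eeb503613f63ec50baf"
              "05736179ceea808e6a6ebfee0198faff973f65ab47fb5189436153c13379db9c",
}


def normalize_domain(name):
    """Lower-case, drop the trailing dot and convert IDN labels to punycode,
    so a logged name compares equal to the xn-- form stored in the config."""
    return name.strip().rstrip(".").lower().encode("idna").decode("ascii")


C2_SET = {normalize_domain(d) for d in C2_DOMAINS}


def match_c2(hostname):
    """Return the config domain that hostname equals or is a subdomain of,
    else None. Matching is per label, so notzbdu.info never hits zbdu.info."""
    labels = normalize_domain(hostname).split(".")
    for i in range(len(labels) - 1):  # never consider the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in C2_SET:
            return candidate
    return None


# Constructed log format: "<timestamp> <client-ip> query <qtype> <qname>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\w+)\s+(\S+)$")


def scan_dns_log(lines):
    """Return (timestamp, client, qname, config_domain) for each query that
    hits the config; lines that do not parse are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, client, _qtype, qname = m.groups()
        c2 = match_c2(qname)
        if c2:
            hits.append((ts, client, normalize_domain(qname), c2))
    return hits


def suricata_dns_rules(domains, base_sid=9000001):
    """One Suricata 5+ dns.query rule per domain (syntax assumed). endswith
    also fires on a longer label sharing the suffix; match_c2 is stricter."""
    return [
        'alert dns $HOME_NET any -> any any (msg:"Formbook config domain '
        '%s queried"; dns.query; content:"%s"; nocase; endswith; '
        'classtype:trojan-activity; sid:%d; rev:1;)' % (d, d, base_sid + i)
        for i, d in enumerate(sorted(domains))
    ]


def hashes_match(data):
    """Per-algorithm comparison of a file's digests with the report."""
    return {alg: hashlib.new(alg, data).hexdigest() == want
            for alg, want in SAMPLE_HASHES.items()}


# Constructed DNS log: a subdomain, mixed case with trailing dot, two misses.
SAMPLE_DNS_LOG = [
    "2022-01-27T10:41:03Z 10.0.0.15 query A www.duoyuns.com",
    "2022-01-27T10:41:05Z 10.0.0.15 query A XN--NICORN-2YA.com.",
    "2022-01-27T10:41:09Z 10.0.0.22 query A login.microsoftonline.com",
    "2022-01-27T10:41:12Z 10.0.0.15 query AAAA notzbdu.info",
    "2022-01-27T10:41:20Z 10.0.0.15 query A getevencattlecompany.com",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("hit: %s %s queried %s (config entry %s)" % hit)
    print(suricata_dns_rules(C2_SET)[0])
```

Run against a real resolver or Zeek dns.log export by adapting LOG_RE; the two hits from 10.0.0.15 on the constructed log are what a SOC would pivot on, and the generated rules can be loaded alongside the ET rule that fired in the report.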