General
Target: 0eba74f951b3c91a4c722d02cf2c0e377d7ce1e242a661a6fe9333580a5ad4d6
Size: 936KB
Sample: 220128-2b5w5afbck
MD5: 2071e7aafe8a5db09fff23762d2b449c
SHA1: 34d7501e6dae793af5b99a065887083d94485588
SHA256: 0eba74f951b3c91a4c722d02cf2c0e377d7ce1e242a661a6fe9333580a5ad4d6
SHA512: 97cec7a577adde24663ddece68f6058cb9cb127c509c43f7f6dfe6f34d17a4ee6a5fe9138fff8674c133044729662aaa6321651a5c7dc7b4bdb90d0ad48c7373
Static task: static1
Behavioral task: behavioral1
Sample: sales payment.scr
Resource: win7-en-20211208
Malware Config (Extracted)
Family: formbook
Version: 3.9
Campaign: ge
C2 domains (65 extracted)
Targets
Target: sales payment.scr
Size: 711KB
MD5: 28996f9f1e4b645eed15f6bc8b51d937
SHA1: 190bec54bcc632a8d676ff9df2b4bcec455c25fc
SHA256: 66b2b5112b9aa05cd1c1d65b09499aecd3798e90af4cb2bfc7844372b4ba6f37
SHA512: 63a43eb9e28a869d0af32b745e61f39b429179af988592f98dec6e2175a013a442b4e1f1b21fa5ef378f92e9849c62c4dc7e21f169b745000f2bdc603abe1599

suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Formbook Payload
Adds policy Run key to start application
Suspicious use of SetThreadContext