General
Target: DHL AWB TRACKING DETAILS.exe
Size: 248KB
Sample: 220128-kg9ntshhgl
MD5: 4e358b432ba956c13627beee054d68e5
SHA1: 8791318da047e93f2a16cc6535eba5159228f832
SHA256: 836696cddebff5d522acb2c105a404ceeb635df69b3c9544b5bebcef13bc3e86
SHA512: a251f2f3e4fe9b0b44b3537983b406e9eb2d5e22298129ba9548f626c3657410adf23b50d0dd69f4601d7c873056e545ca7be0d808f8f0db3f9a38609b82dcff
Static task: static1
Behavioral task: behavioral1
Sample: DHL AWB TRACKING DETAILS.exe
Resource: win7-en-20211208
Malware Config
Extracted: formbook 4.1 a34b
Targets
Target: DHL AWB TRACKING DETAILS.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext