General
Target: new_order.exe
Size: 247KB
Sample: 220128-lg25esaeel
MD5: a0e70d1760e60d81e0f4ac2904fa8002
SHA1: 0512dcf545274ac6512abf3fb31a6fff41614280
SHA256: 0cd606362bbe747f3d0c0193675ce46ea2920fba28580b784f50a2969bbb0c27
SHA512: 59c04bc30b9f279d434428011efe80d41fd5de99c92165c77dc2a097b742c60e676f65d6185c90d9e5ddfd181fd4a32c7d237ca75ed2be978c6b951be6ae8588
Static task: static1
Behavioral task: behavioral1
Sample: new_order.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: os16
C2 domains from the extracted config (65 entries). A Formbook config mixes the live C2 with decoy domains, many of them ordinary legitimate sites, and the extractor does not mark which entry is live; treat the list as leads to corroborate against observed traffic, not as a ready-made block list:
nautic-experts-hageboelling.com
fullharvestfundraising.com
xbdsm.club
duocaterers.com
prizebuddy.club
nillprive.com
firebreathingpenguin.com
buxledger.com
annual-journals.com
mydemosite0.com
noaoka.com
eblaghe-iran.xyz
globalyuncang.com
jacqueson-autocars.com
asiafinances.com
howtomakearesume.space
modernwarfaresecrets.com
dualamaquinaria.com
thrili.com
gracing-up.com
jcrealtydesigns.com
southaustinmarket.com
dp-yszxwbhc.com
cryptolux.store
yourtechyadda.com
yogamat-turban.com
fykori.xyz
bitherders.com
strelingcollectibles.com
undershieldz.com
youcarboneutral.com
meetjaykinder.com
wicked-smokes.com
wy-bride.com
dunespro.com
sallyandterry.com
theamalfiswim.com
eleynworld.com
dreamsinbloomphotography.com
anaccommodation.com
slingactivt.com
rxd-ereecd.com
immovableproperty.online
ramziflowers.com
anthropophony.com
uncle.finance
ialife.info
kennascookies.com
meta-medical.info
sexcommittee.com
royalfountainlogistics.com
thedefinitionteam.store
dragonflyessence.com
momubeauty.com
alraedest.com
alcmjd.xyz
massagecon.com
nicoletian.com
rapslearning.online
dlapi.xyz
52economics.com
neurochirurgie-eisner.com
mbbfocean.xyz
greenlightiim.com
foodgw.com
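The domain list only becomes useful once it is turned into something a SOC can run. The Python below is added here as an example; it is not output of the sandbox and not code from Formbook or from any tooling the report describes. It copies the report's four hashes and the 65 config domains into constants, checks that a file in hand really is this sample before its IOCs are reused, matches hostnames from DNS log lines against the config domains (subdomains included, without falsely matching look-alikes such as notxbdsm.club), and emits one Suricata dns.query rule per domain. The DNS log line layout, the sample log lines and the SID range starting at 9000000 are assumptions constructed for the example.

```python
"""Detection artefacts from the extracted Formbook os16 config.

Added example for this report page, not sandbox output and not Formbook code.
Hashes, campaign ID and domains are copied from the report; the DNS log
format, the sample log lines and the SID range are assumptions.
"""
import hashlib
import re
from typing import Dict, List, Optional

CAMPAIGN = "os16"
REPORT_HASHES = {
    "md5": "a0e70d1760e60d81e0f4ac2904fa8002",
    "sha1": "0512dcf545274ac6512abf3fb31a6fff41614280",
    "sha256": "0cd606362bbe747f3d0c0193675ce46ea2920fba28580b784f50a2969bbb0c27",
    "sha512": "59c04bc30b9f279d434428011efe80d41fd5de99c92165c77dc2a097b742c60e"
              "676f65d6185c90d9e5ddfd181fd4a32c7d237ca75ed2be978c6b951be6ae8588",
}

# The 65 domains exactly as listed in the extracted config, in report order.
_DOMAINS_RAW = """
nautic-experts-hageboelling.com fullharvestfundraising.com xbdsm.club duocaterers.com prizebuddy.club
nillprive.com firebreathingpenguin.com buxledger.com annual-journals.com mydemosite0.com
noaoka.com eblaghe-iran.xyz globalyuncang.com jacqueson-autocars.com asiafinances.com
howtomakearesume.space modernwarfaresecrets.com dualamaquinaria.com thrili.com gracing-up.com
jcrealtydesigns.com southaustinmarket.com dp-yszxwbhc.com cryptolux.store yourtechyadda.com
yogamat-turban.com fykori.xyz bitherders.com strelingcollectibles.com undershieldz.com
youcarboneutral.com meetjaykinder.com wicked-smokes.com wy-bride.com dunespro.com
sallyandterry.com theamalfiswim.com eleynworld.com dreamsinbloomphotography.com anaccommodation.com
slingactivt.com rxd-ereecd.com immovableproperty.online ramziflowers.com anthropophony.com
uncle.finance ialife.info kennascookies.com meta-medical.info sexcommittee.com
royalfountainlogistics.com thedefinitionteam.store dragonflyessence.com momubeauty.com alraedest.com
alcmjd.xyz massagecon.com nicoletian.com rapslearning.online dlapi.xyz
52economics.com neurochirurgie-eisner.com mbbfocean.xyz greenlightiim.com foodgw.com
"""
C2_DOMAINS = tuple(_DOMAINS_RAW.split())


def sample_hashes(data: bytes) -> Dict[str, str]:
    """Hex digests of the bytes in hand, using the same four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> Dict[str, bool]:
    """Per-algorithm check that the bytes in hand are the reported sample.
    Run this before reusing the IOCs: a renamed or re-packed file is a different sample."""
    got = sample_hashes(data)
    return {name: got[name] == digest for name, digest in REPORT_HASHES.items()}


def config_domain_for(host: str) -> Optional[str]:
    """Config entry that `host` equals or sits under (www.xbdsm.club -> xbdsm.club).
    A plain suffix test would also flag notxbdsm.club, hence the leading dot."""
    h = host.lower().rstrip(".")  # DNS logs often carry a trailing root dot
    for domain in C2_DOMAINS:
        if h == domain or h.endswith("." + domain):
            return domain
    return None


# Assumed log layout: "<timestamp> <client ip> query=<qname> ..." (constructed, not a real product format).
DNS_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+query=(?P<qname>\S+)")

# Constructed sample log lines for the example; not from the sandbox run.
SAMPLE_DNS_LOG = [
    "2022-01-28T10:15:01Z 10.0.0.5 query=www.xbdsm.club type=A",
    "2022-01-28T10:15:02Z 10.0.0.5 query=notxbdsm.club type=A",
    "2022-01-28T10:15:03Z 10.0.0.7 query=update.microsoft.com type=A",
    "2022-01-28T10:15:04Z 10.0.0.9 query=thrili.com. type=A",
]


def scan_dns_log(lines: List[str]) -> List[Dict[str, str]]:
    """Return one hit per log line whose queried name falls under a config domain."""
    hits = []
    for line in lines:
        m = DNS_LINE.match(line)
        if not m:
            continue
        ioc = config_domain_for(m["qname"])
        if ioc:
            hits.append({"ts": m["ts"], "src": m["src"], "qname": m["qname"],
                         "ioc": ioc, "campaign": CAMPAIGN, "sample": REPORT_HASHES["sha256"]})
    return hits


def suricata_dns_rules(base_sid: int = 9000000) -> List[str]:
    """One Suricata (5.0+) dns.query rule per config domain; dotprefix + endswith gives
    the same subdomain-only semantics as config_domain_for. SID range is assumed."""
    return [
        f'alert dns $HOME_NET any -> any any (msg:"Formbook {CAMPAIGN} config domain {d}"; '
        f'dns.query; dotprefix; content:".{d}"; endswith; nocase; '
        f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        for i, d in enumerate(C2_DOMAINS)
    ]


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{hit['ts']} {hit['src']} -> {hit['qname']} hits config domain {hit['ioc']}")
    print(suricata_dns_rules()[2])
```

Because most of the 65 entries are decoys, a hit on one of these domains on its own is weak evidence; corroborate it with the "ET MALWARE FormBook CnC Checkin (GET)" alert below or with process context on the host before acting on it.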
Targets
Target: new_order.exe
Size: 247KB
MD5: a0e70d1760e60d81e0f4ac2904fa8002
SHA1: 0512dcf545274ac6512abf3fb31a6fff41614280
SHA256: 0cd606362bbe747f3d0c0193675ce46ea2920fba28580b784f50a2969bbb0c27
SHA512: 59c04bc30b9f279d434428011efe80d41fd5de99c92165c77dc2a097b742c60e676f65d6185c90d9e5ddfd181fd4a32c7d237ca75ed2be978c6b951be6ae8588
Network signatures (Suricata)
ET MALWARE FormBook CnC Checkin (GET)
Behavioral signatures (behavioral1)
Formbook Payload
Deletes itself: the original new_order.exe will not be on disk after execution, so recover it from the delivery channel rather than from the victim host.
Loads dropped DLL
Suspicious use of SetThreadContext: this API is typically used to redirect an existing or suspended thread into injected code (process hollowing or thread hijacking), which is Formbook's usual injection method; when triaging, check which process actually issued the C2 GETs, since it is usually not the dropper itself.