General
Target: Promar Industrial Chemicals PO.lzh
Size: 373KB
Sample: 220128-qzpz2adfal
MD5: bb8abf2a56123e1a20a22b1fed1b2f39
SHA1: 440b8c61283ce7cc64225c02f00471c9f0a63306
SHA256: 24297af3766db60f58d626d2c31e8647b2c596259a26d067481916c8cd16091d
SHA512: 91864c86e5af76344c0a51e0701da42881772c3bbe0dbf38b5eeba32423ba8141a8a0ec0f395f2cbd9c797e72db192c374dc94c94cb10800dbd5f4a062ab39d7
Static task: static1
Behavioral task: behavioral1
Sample: Promar Industrial Chemicals PO.exe
Resource: win7-en-20211208
Malware Config
Extracted: formbook
Version: 4.1
Campaign: n2t4
Targets
Target: Promar Industrial Chemicals PO.exe
Size: 419KB
MD5: c368451b88a7831a71d9f9e9cbdf6ce5
SHA1: dfd8f1ef334550cd94763e0bc60b5b4f243f3ebd
SHA256: 2d982a64999857ad75996e06f4a858c43b1bd5e17422195414de62d5e344e413
SHA512: 52c9208cad6f6ff477b4013d32e3b5f15a8e71d4b33dcc8825c21d7c5d0ef00dcbd9b805865340d57688fcd51726ddc5b0b74b6167c0586c7e0e7a6192fe1d17
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext