General
Target: new_order.rar
Size: 235KB
Sample: 220129-hwhsjsfcar
MD5: 957cde797056f17e3c149ce6c11429c5
SHA1: eb0102943d56fd35d81850c9652fe21f21ae28e7
SHA256: c067194e9d005c09c7b36d0315d10d749e113f1e2e280e0957d13689bfd277a5
SHA512: 2f9b460a88de3b0a4ec5e911c0f177db56a8e8245756924a4c83b0ba7db13529360753e08e814f159dc5bb80906bf7e8ba4b3219ae37497c4c08d37a965951de
Static task: static1
Behavioral task: behavioral1
Sample: new_order.exe
Resource: win7-en-20211208
Malware Config
Extracted
formbook
4.1
os16
Targets
Target: new_order.exe
Size: 247KB
MD5: a0e70d1760e60d81e0f4ac2904fa8002
SHA1: 0512dcf545274ac6512abf3fb31a6fff41614280
SHA256: 0cd606362bbe747f3d0c0193675ce46ea2920fba28580b784f50a2969bbb0c27
SHA512: 59c04bc30b9f279d434428011efe80d41fd5de99c92165c77dc2a097b742c60e676f65d6185c90d9e5ddfd181fd4a32c7d237ca75ed2be978c6b951be6ae8588
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext