General
-
Target
TURKEY ORDER .scr
-
Size
503KB
-
Sample
220131-lmmlxsghgj
-
MD5
8d97825fcb618d066758c26345a0e1a7
-
SHA1
75cd534c1749636a42275ba79e47cffa45d238c0
-
SHA256
c9d9d795f4da4b011059eefc991e9e0790df60b47a992973b56a4261dbe943a5
-
SHA512
1a4caac07969533aff4f10a3af56cb2b3437b65e1776bcf8c36168ffa721f8acd928ee053079a71c106ccca664d3407d45005b71e18c3ae7909be4028d3f58cc
Static task
static1
Behavioral task
behavioral1
Sample
TURKEY ORDER .scr
Resource
win7-en-20211208
Malware Config
Extracted
formbook
4.1
s16r
kellieroysellsnc.com
valleylowvoltage.com
mltuo900.xyz
visitingpuntacana.com
weiwushi.com
austintechjob.com
rxstarcbd.com
shopstudioesi.com
filetto-server.xyz
relianceltdbnk.com
unethical.world
yedd.store
esthershhs.com
magaddis.com
scenicdrivetours.com
123gest.com
2020mortagelifeinsurance.com
faceinle.com
integritymarking.com
alfatoto.xyz
nwebcam.com
wu8hx5cpgl3i.xyz
shiningbellsscrubs.com
visitorego.com
101-bg.com
blaccforestsociety.com
caremeinternational.com
devanharle.com
d2h7e3q.xyz
excaliburteacher.com
tatouagejaponais.com
gallematias.com
sobacoffee.com
thetravelbanana.com
artandmag.com
swoutfit.com
pecintaotomotif.com
realkezorup.xyz
shoplitumi.com
taylorhudak.net
prime-links.net
openvmsdatabasemigration.com
digitaltradingforex.com
vocenoazulnovamente.com
ertyuhjul.xyz
yunshangzhongwen.com
psalm686.com
breastfeedcare.com
matjaralmona.com
insurancesalesreps.com
octets.biz
reviewopenaccess.biz
parvatakrachka.com
vector-center.xyz
hatchvi.com
hmamah.com
a-home4you.com
lq-safe-keepingyuchand91.xyz
amplexus.xyz
h3ssel.xyz
aims-colorado.com
clickforrichesvision.com
belcantato.com
minidentalimplantsdaytonoh.com
mlniubi.xyz
Targets
-
-
Target
TURKEY ORDER .scr
-
Size
503KB
-
MD5
8d97825fcb618d066758c26345a0e1a7
-
SHA1
75cd534c1749636a42275ba79e47cffa45d238c0
-
SHA256
c9d9d795f4da4b011059eefc991e9e0790df60b47a992973b56a4261dbe943a5
-
SHA512
1a4caac07969533aff4f10a3af56cb2b3437b65e1776bcf8c36168ffa721f8acd928ee053079a71c106ccca664d3407d45005b71e18c3ae7909be4028d3f58cc
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-