General

Target:   TT_COPY.iso
Size:     492KB
Sample:   220131-p3gx6ahbfl
MD5:      fcde8b4e836cf4dbddc74dce6a6c1704
SHA1:     0cc2f9c98ec9572e83b097d96a96c042fbaa9434
SHA256:   7b9ddcc06c5b09f7628abe23d92447a00eabdacc6a6c6dfb49dee4448b8d0aef
SHA512:   2dd9039c2d29980e8ec726e150854d00331380e87244eabfd6d5d37c18060aaf3208694214d0e39fcda3ddd77eae800f00e36fa712fe4ed0eb343f885c4e10f0

The submitted artifact is an ISO image; the analysis tasks below run TT_COPY.exe, the executable carried inside it (listed separately under Targets with its own digests). ISO images were a common delivery wrapper at the time of this analysis (the sandbox images are dated December 2021 and January 2022) because files copied out of a mounted image did not carry the Mark-of-the-Web and so sidestepped the download warnings a bare executable would trigger.
Static task:      static1
Behavioral task:  behavioral1   Sample: TT_COPY.exe   Resource: win7-en-20211208
Behavioral task:  behavioral2   Sample: TT_COPY.exe   Resource: win10v2004-en-20220113
Malware Config

Extracted:    formbook
Version:      4.1
Campaign ID:  b3n1

Domain list (65 entries, as embedded in the configuration). FormBook configurations carry a block of decoy domains alongside the real command-and-control host, and the extractor dumps the whole block, so treat the set as a configuration-level indicator rather than as 65 live C2 servers. Several entries imitate well-known brands (facebook/meta, paypal, chase, unitedhealthcare, tesla) and one, xn--wellsfarg-o7a.com, is a punycode (IDN) label that should be decoded before it is shown to an analyst.
alexandragrows.com
shellload.com
stanleyrorke.com
glasurit.us
facebookismetaverse.com
astoundingaffairs.com
facom.us
dysonsaleoutlet.us
obtengaunitedhealthcare.com
sebastianroofrepairs.com
saltvent.com
littleonesclub.com
webamazoncardshopmail.xyz
lutam.xyz
myfirstpsgame.com
comline.cloud
valueinsightfororacle.com
congregacionansestral.com.co
paypal-uk.xyz
facebookversuzmeta.com
hyveone.com
metaisfacebook.com
wordpressversnellen.com
sunnyleoneporn.xyz
firstfrontstudios.com
heytechmarketing.com
metaversefacebook.net
zirsys.com
pmstnly.com
metafacebooksnewname.com
theagency.black
freemetasitebuilder.com
tesla88.vin
thebitcoinfuturesetfs.com
mygiftedaffairs.com
qrbconsulting.info
gpactive.com
facebookvsmeta.com
poele-shop.fr
firstcallindia.xyz
uhcecetr.xyz
informital.com
areyouongoogle.com
lymou.com
firstlightadventuretour.com
feed-supportives.com
chasesecurobanking.com
prestigioinformativo.com
blogkaisebanayehindimejane.com
freedomto.co
oneonemeta.com
joinclosify.co
unitedkingdommeta.com
alexandrathiele.com
xn--wellsfarg-o7a.com
rockstarsyard.com
acd-informatique.fr
firststopbusinesses.com
loisirs-et-spectacles.com
babymassage.us
5ggooglecloud.com
gameone10668.com
parkdomainforsale.com
riverbcastmake.net
teslabotnews.com
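The domain block above is more useful once it is normalised, the IDN label is decoded, the brand lookalikes are flagged and the whole set is turned into detection content. The script below does that; it is an added example, not part of the sandbox report or of any FormBook tooling. The domain list is the one extracted from TT_COPY.exe; the brand keyword list, the Suricata SID range and the rule message text are assumptions chosen for illustration.

```python
"""Work the FormBook domain block from the sandbox report into review notes and
Suricata DNS rules.

Added example, not part of the sandbox report or of any FormBook tooling.  The
brand keyword list, the SID range and the rule message text are assumptions
chosen for illustration; the domain list itself is the one extracted from
TT_COPY.exe."""
import codecs
import unicodedata

# The 65 domains exactly as extracted from the sample's configuration.
DOMAINS = """
alexandragrows.com shellload.com stanleyrorke.com glasurit.us
facebookismetaverse.com astoundingaffairs.com facom.us dysonsaleoutlet.us
obtengaunitedhealthcare.com sebastianroofrepairs.com saltvent.com
littleonesclub.com webamazoncardshopmail.xyz lutam.xyz myfirstpsgame.com
comline.cloud valueinsightfororacle.com congregacionansestral.com.co
paypal-uk.xyz facebookversuzmeta.com hyveone.com metaisfacebook.com
wordpressversnellen.com sunnyleoneporn.xyz firstfrontstudios.com
heytechmarketing.com metaversefacebook.net zirsys.com pmstnly.com
metafacebooksnewname.com theagency.black freemetasitebuilder.com tesla88.vin
thebitcoinfuturesetfs.com mygiftedaffairs.com qrbconsulting.info gpactive.com
facebookvsmeta.com poele-shop.fr firstcallindia.xyz uhcecetr.xyz
informital.com areyouongoogle.com lymou.com firstlightadventuretour.com
feed-supportives.com chasesecurobanking.com prestigioinformativo.com
blogkaisebanayehindimejane.com freedomto.co oneonemeta.com joinclosify.co
unitedkingdommeta.com alexandrathiele.com xn--wellsfarg-o7a.com
rockstarsyard.com acd-informatique.fr firststopbusinesses.com
loisirs-et-spectacles.com babymassage.us 5ggooglecloud.com gameone10668.com
parkdomainforsale.com riverbcastmake.net teslabotnews.com
""".split()

# Brand names worth a second look when they show up in a C2/decoy list (assumed list).
BRANDS = ("facebook", "meta", "paypal", "wellsfargo", "chase", "unitedhealthcare",
          "tesla", "google", "amazon", "wordpress", "oracle", "dyson")


def decode_idn(domain: str) -> str:
    """Decode xn-- (punycode) labels so an IDN lookalike is readable by an analyst."""
    labels = []
    for label in domain.strip().lower().split("."):
        if label.startswith("xn--"):
            label = codecs.decode(label[4:].encode("ascii"), "punycode")
        labels.append(label)
    return ".".join(labels)


def skeleton(domain: str) -> str:
    """Crude confusable folding for brand matching: decode IDN, strip diacritics,
    drop the last label and separators, e.g. 'xn--wellsfarg-o7a.com' -> 'wellsfargo'."""
    folded = unicodedata.normalize("NFKD", decode_idn(domain))
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    host = folded.rsplit(".", 1)[0]  # naive TLD strip; good enough for a review pass
    return host.replace("-", "").replace(".", "")


def flag_lookalikes(domains):
    """Map each domain whose skeleton contains a brand keyword to the keywords matched."""
    hits = {}
    for d in domains:
        matched = [b for b in BRANDS if b in skeleton(d)]
        if matched:
            hits[d] = matched
    return hits


def suricata_dns_rules(domains, base_sid=9000001):
    """One DNS-query rule per domain.  'dotprefix' plus 'endswith' matches the name
    and its subdomains without matching e.g. 'notpaypal-uk.xyz'; needs Suricata 6.0+.
    The SID range is an assumption: pick one that is free in your ruleset."""
    rules = []
    for n, d in enumerate(sorted(set(domains))):
        rules.append(
            'alert dns $HOME_NET any -> any any ('
            f'msg:"FormBook 4.1 b3n1 config domain {d}"; '
            f'dns.query; dotprefix; content:".{d}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{base_sid + n}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for d, brands in sorted(flag_lookalikes(DOMAINS).items()):
        print(f"{decode_idn(d):35} looks like {', '.join(brands)}")
    print("\n".join(suricata_dns_rules(DOMAINS)))
```

Running it prints the brand lookalikes with the IDN entry decoded (xn--wellsfarg-o7a.com becomes wellsfargô.com, which the NFKD fold reduces to wellsfargo for matching) and then 65 Suricata rules, one per domain. Because the block mixes decoys with the real C2, the rules are better used for hunting and alert enrichment than as a block list on their own; pair them with the ET MALWARE FormBook check-in signature reported below, which keys on the HTTP request rather than on the name.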
Targets

Target:   TT_COPY.exe
Size:     430KB
MD5:      b38f111117f91cee4e7a32d369e5f647
SHA1:     ad2036f338ed3e3a75b9dc2feb8425cb09968b01
SHA256:   0ab24b5c9e24d195f00fa83a9078606341d6e7f56fc60c0b727a8f2c2b905c02
SHA512:   af101647a761abae5c2d8285c0be3f3350b5be8f550ef7918001da2484f6ab6cea0c902f023c5cce7f838af3e498ecbff2ce24384980977d93b9f7185a9fe403
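Before a copy of either artifact (the ISO under General, or the extracted TT_COPY.exe above) is detonated, shared or pivoted on, confirm it is byte-identical to what the sandbox analysed. The script below embeds the report's digests for both files and compares a local copy against them; it is an added example, not part of the report. Use SHA-256 or SHA-512 as the deciding value; MD5 and SHA-1 are kept only because other reports and feeds still key on them.

```python
"""Verify that a local copy of TT_COPY.iso or TT_COPY.exe matches the digests in
the sandbox report before it is handled further.

Added example, not part of the report; the expected digests are the ones the
report lists.  Compare on SHA-256 (or SHA-512) as the deciding value; MD5 and
SHA-1 are kept only because other reports and feeds still key on them."""
import hashlib
import io

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report, keyed by artifact name.
REPORT = {
    "TT_COPY.iso": {
        "md5": "fcde8b4e836cf4dbddc74dce6a6c1704",
        "sha1": "0cc2f9c98ec9572e83b097d96a96c042fbaa9434",
        "sha256": "7b9ddcc06c5b09f7628abe23d92447a00eabdacc6a6c6dfb49dee4448b8d0aef",
        "sha512": "2dd9039c2d29980e8ec726e150854d00331380e87244eabfd6d5d37c18060aaf"
                  "3208694214d0e39fcda3ddd77eae800f00e36fa712fe4ed0eb343f885c4e10f0",
    },
    "TT_COPY.exe": {
        "md5": "b38f111117f91cee4e7a32d369e5f647",
        "sha1": "ad2036f338ed3e3a75b9dc2feb8425cb09968b01",
        "sha256": "0ab24b5c9e24d195f00fa83a9078606341d6e7f56fc60c0b727a8f2c2b905c02",
        "sha512": "af101647a761abae5c2d8285c0be3f3350b5be8f550ef7918001da2484f6ab6c"
                  "ea0c902f023c5cce7f838af3e498ecbff2ce24384980977d93b9f7185a9fe403",
    },
}


def digest_stream(stream, chunk_size=1 << 16):
    """Hash a binary stream in one pass, feeding every algorithm from the same reads."""
    hashers = {a: hashlib.new(a) for a in ALGORITHMS}
    for block in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digest_bytes(data: bytes):
    return digest_stream(io.BytesIO(data))


def mismatches(actual, expected):
    """Return (algorithm, expected, actual) for every expected digest that differs.
    Algorithms not computed are reported as a mismatch with actual=None rather
    than silently skipped, so a typo in the expected map cannot yield a false pass."""
    out = []
    for algo, exp in expected.items():
        got = actual.get(algo.lower())
        if got != exp.lower():
            out.append((algo, exp.lower(), got))
    return out


def verify_bytes(data: bytes, expected):
    return mismatches(digest_bytes(data), expected)


def verify_file(path, artifact_name):
    """Check a file on disk against the report entry for the given artifact name."""
    with open(path, "rb") as fh:
        return mismatches(digest_stream(fh), REPORT[artifact_name])


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3 or sys.argv[2] not in REPORT:
        sys.exit(f"usage: {sys.argv[0]} <path> <{'|'.join(REPORT)}>")
    bad = verify_file(sys.argv[1], sys.argv[2])
    print("OK: all digests match the report" if not bad else f"MISMATCH: {bad}")
    sys.exit(1 if bad else 0)
```

A non-empty result means the local file is not the one the report describes: a different build from the same campaign, a re-packed copy, or a truncated download. In that case the extracted domain list and the behavioural signatures below should not be assumed to apply to it.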
Network (Suricata):
  ET MALWARE FormBook CnC Checkin (GET)
  ET MALWARE FormBook CnC Checkin (GET)

Behavioral signatures:
  Formbook Payload: the in-memory payload matched the sandbox's FormBook signature, consistent with the extracted configuration above.
  Deletes itself: the executable removes its own file after running, so on a real host the sample has to be recovered from memory or from the original ISO rather than from the path it was launched from.
  Loads dropped DLL: the sample writes a DLL to disk and loads it.
  Suspicious use of SetThreadContext: the classic marker of code injection by process hollowing or thread hijacking, where a suspended thread's context is rewritten so execution resumes in injected code. FormBook runs its payload from inside a legitimate Windows process, so the HTTP check-in that fired the Suricata signature is likely to originate from a process other than TT_COPY.exe; correlate on process ancestry rather than image name when hunting.