General
-
Target
93fc98148dbcc6f16b8f6ca1d8bd6bc68eafb2b4b68e697135561f5845cf82b8
-
Size
656KB
-
Sample
220227-d6bd1adaem
-
MD5
68378be4104c3c2755528a8b220bed75
-
SHA1
73669194e71efa0b222ffd27625783ea25382712
-
SHA256
93fc98148dbcc6f16b8f6ca1d8bd6bc68eafb2b4b68e697135561f5845cf82b8
-
SHA512
1e1d08152bfd2f71b5aeeae8b506af8003f413bf79611a43467a7a1ff08c7aa664444f4166c00fb2b27be0a1cfb8311ebfce82988aa0f69d9ab77e15be10f0a9
Static task
static1
Behavioral task
behavioral1
Sample
93fc98148dbcc6f16b8f6ca1d8bd6bc68eafb2b4b68e697135561f5845cf82b8.exe
Resource
win7-20220223-en
Malware Config
Extracted
formbook
4.1
3nop
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
capricorn1967.com
meucarrapicho.com
41230793.net
yoghurtberry.com
wv0uoagz0yr.biz
yfjbupes.com
mindfulinthemadness.com
deloslifesciences.com
adokristal.com
vandergardetuinmeubelshop.com
janewagtus.com
cloudmorning.com
foresteryt01.com
accident-law-yer.info
divorcerefinance.guru
wenxiban.com
589man.com
rockerdwe.com
duftkerzen.info
igametalent.com
yoursafetraffictoupdates.review
jialingjiangpubu.com
maximscrapbooking.com
20sf.info
shadowlandswitchery.com
pmbnc.info
shoppingdrift.online
potashdragon.com
ubkswmpes.com
064ewj.info
rewsales.com
dealsforyou.tech
ziruixu.com
naehascloud.com
smokvape.faith
sunflowermoonstudio.com
stepgentertainment.com
tawbj.info
besthappybuds.net
koohshoping.com
ajikrentcarsurabaya.com
jkjohnsroofingfl.com
whatsnexttnd.com
yoyodvd.com
joomlas123.info
Targets
-
-
Target
93fc98148dbcc6f16b8f6ca1d8bd6bc68eafb2b4b68e697135561f5845cf82b8
-
Size
656KB
-
MD5
68378be4104c3c2755528a8b220bed75
-
SHA1
73669194e71efa0b222ffd27625783ea25382712
-
SHA256
93fc98148dbcc6f16b8f6ca1d8bd6bc68eafb2b4b68e697135561f5845cf82b8
-
SHA512
1e1d08152bfd2f71b5aeeae8b506af8003f413bf79611a43467a7a1ff08c7aa664444f4166c00fb2b27be0a1cfb8311ebfce82988aa0f69d9ab77e15be10f0a9
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-