General
Target: Xjnnpfmtmgzsjdtbismbqwngwvhuqbxdfh.zip
Size: 520KB
Sample: 220314-17f27sfbdp
MD5: 00b672551a7f6c68c3a84e1466e1f208
SHA1: 3d14022d6376bdef89663849d5979a5c0ee40dd9
SHA256: 2078f364f8572f83cacf15db8384c28d70e0ce8cda89b92b351fe1f0e0e96fcb
SHA512: f3a4bdc24caf3ebbee360ea4c3f9fc39f002ae21f34b5c0fc1d83f2d80a380ca355a804c11543358153bb6da98e2e631ee35b1cf0a510d15c4c0e07904da269d
Static task: static1
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign ID: 3nop
C2 domains (65 entries):
videohm.com
panache-rose.com
alnooncars-kw.com
trueblue2u.com
brussels-cafe.com
ip2c.net
influenzerr.com
rbcoq.com
zzful.com
drainthe.com
sumaholesson.com
cursosaprovados.com
genotecinc.com
dbrulhart.com
theapiarystudios.com
kensyu-kan.com
dkku88.com
tikhyper.com
aztecnort.com
homebrim.com
infinitilamp.com
leelegantflower.com
floor-space.investments
vidasustentavel.online
wholehearteddaughters.com
vipandeep.com
mdwovzrrm.icu
592215.com
academicplumbing.com
bestveganbook.com
theservantleader.com
nazarickdeveloper.xyz
delta-wing.com
girlfriendsgarb.com
sezyz11.com
ca3construction.com
smartswitchhomeloan.net
luckytwo.agency
ministry-of-barbers.com
babbageacademy.com
informationside.com
packapp.net
spacecoasthondaevent.com
thehealthyimmunereset.com
pjcavaliere.info
trebdurham.com
zhixintonghe.com
gon2580.com
dottproject.net
snakby.com
keeponsports.com
debbiewilsondesigns.com
stagingsolutionsgroup.com
forummondialdelamerbizerte.com
garnier.red
tempestchs.com
zpxinxi.com
jam-nins.com
inclusiocg.com
msmenders.com
whachupichu.com
pursemore.com
thebusinessfitclub.com
scootgotti.com
jakesplacebarbers.com
Note: a FormBook configuration carries one live C2 plus decoy domains that the bot also contacts to blur which one is real. The extractor does not mark the live entry, and some decoys are ordinary websites, so treat this list as hunting context rather than a blocklist.
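The domain list above is most useful as a hunting set rather than a blocklist. The following is an added example (not part of the sandbox output) that scans DNS query logs for the extracted domains and only escalates clients that resolve several of them, which is what FormBook's rotation through its C2/decoy list looks like from the network. The log format ("timestamp client-ip qname"), the sample log lines and the escalation threshold of three distinct domains are assumptions of this example; the domain list itself is copied from the Malware Config section.

```python
"""Hunt DNS query logs for the FormBook 4.1 / campaign 3nop config domains.
Added example for this report, not sandbox output; the sample log below is
constructed, not captured traffic."""
import re
from collections import defaultdict

FAMILY = "formbook"
VERSION = "4.1"
CAMPAIGN = "3nop"

# The 65 domains listed under Malware Config. A FormBook config holds one live
# C2 plus decoys it also contacts; the report does not say which is which, so
# one hit is a lead, not proof on its own.
CONFIG_DOMAINS = frozenset("""
videohm.com panache-rose.com alnooncars-kw.com trueblue2u.com brussels-cafe.com
ip2c.net influenzerr.com rbcoq.com zzful.com drainthe.com
sumaholesson.com cursosaprovados.com genotecinc.com dbrulhart.com theapiarystudios.com
kensyu-kan.com dkku88.com tikhyper.com aztecnort.com homebrim.com
infinitilamp.com leelegantflower.com floor-space.investments vidasustentavel.online wholehearteddaughters.com
vipandeep.com mdwovzrrm.icu 592215.com academicplumbing.com bestveganbook.com
theservantleader.com nazarickdeveloper.xyz delta-wing.com girlfriendsgarb.com sezyz11.com
ca3construction.com smartswitchhomeloan.net luckytwo.agency ministry-of-barbers.com babbageacademy.com
informationside.com packapp.net spacecoasthondaevent.com thehealthyimmunereset.com pjcavaliere.info
trebdurham.com zhixintonghe.com gon2580.com dottproject.net snakby.com
keeponsports.com debbiewilsondesigns.com stagingsolutionsgroup.com forummondialdelamerbizerte.com garnier.red
tempestchs.com zpxinxi.com jam-nins.com inclusiocg.com msmenders.com
whachupichu.com pursemore.com thebusinessfitclub.com scootgotti.com jakesplacebarbers.com
""".split())

# Assumed log format for this example: "<timestamp> <client-ip> <qname>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<qname>\S+)$")


def normalize(host: str) -> str:
    """Lower-case and drop a trailing dot so FQDN forms compare equal."""
    return host.strip().rstrip(".").lower()


def config_domain_for(host: str):
    """Return the config entry that host equals or is a subdomain of, else None.
    Walks upward (www.videohm.com -> videohm.com) but stops before the bare TLD."""
    labels = normalize(host).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in CONFIG_DOMAINS:
            return candidate
    return None


def scan_dns_log(lines):
    """Return one hit dict per log line whose query name is a config domain."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines instead of aborting the scan
        matched = config_domain_for(m["qname"])
        if matched:
            hits.append({
                "ts": m["ts"], "src": m["src"], "qname": normalize(m["qname"]),
                "config_domain": matched, "tag": f"{FAMILY}/{VERSION}/{CAMPAIGN}",
            })
    return hits


def distinct_domains_by_source(hits):
    """Count how many different config domains each client resolved."""
    seen = defaultdict(set)
    for h in hits:
        seen[h["src"]].add(h["config_domain"])
    return {src: len(doms) for src, doms in seen.items()}


def suspicious_sources(hits, min_distinct=3):
    """Clients touching several listed domains look like FormBook cycling through
    its C2/decoy list; a single hit may be a decoy that is a normal website."""
    counts = distinct_domains_by_source(hits)
    return sorted(src for src, n in counts.items() if n >= min_distinct)


# Constructed sample log: one infected-looking client and one unrelated client.
SAMPLE_LOG = [
    "2022-03-14T17:01:02Z 10.0.0.5 www.videohm.com",
    "2022-03-14T17:01:09Z 10.0.0.5 ip2c.net",
    "2022-03-14T17:01:17Z 10.0.0.5 rbcoq.com.",
    "2022-03-14T17:01:25Z 10.0.0.5 zzful.com",
    "2022-03-14T17:03:00Z 10.0.0.9 ip2c.net",
    "2022-03-14T17:03:10Z 10.0.0.9 example.com",
    "",
]

if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["src"]} {h["qname"]} -> {h["config_domain"]} [{h["tag"]}]')
    print("escalate:", suspicious_sources(found))
```

With the constructed log, 10.0.0.5 resolves four listed domains in under a minute and is escalated, while 10.0.0.9 only looks up ip2c.net once and is left alone; the threshold is a tuning knob, and on real traffic it should be paired with the HTTP check-in alerts the Suricata rule below produces.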
Targets
Target: Xjnnpfmtmgzsjdtbismbqwngwvhuqbxdfh.exe
Size: 1.1MB
MD5: 141d9c1ff226fedde53d68b36ad4d57d
SHA1: 752f82f39496cf70d5d5cb4f028301c7a1648b30
SHA256: 2c3d0dfe94f6ee36822a79a0d6bc22efbd964781a984dec679acbb5029ce1493
SHA512: 7cddfea0c95093a8ee1310869fcb5fd775281a5c897ff260ab78644c8ebb36feca4f117d1c8179ced72fb2b2ab89860d71b39cfed48999c4fd7d237a4cf207b0
Network
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Signatures
Formbook Payload
Adds Run key to start application (persistence: the sample registers itself under a Run key so it is launched again at logon)
Suspicious use of SetThreadContext (thread-context manipulation, commonly seen in process injection and hollowing)