General

Target: Payment_Advice.zip
Size: 324KB
Sample: 220314-kzqcxafhdp
MD5: 0d79d906b634941d12a47ef05674e9dc
SHA1: 6a83cb74b8b54b5e38b6b8dd5a6afa2f1045a436
SHA256: bc1e7e59c022c6a18268526652635867ae48ca1463c0084bc59781976b794f58
SHA512: f36266b845554e65a3f65a0abdf5c7d70d79a19c978552657d7d86eab314d96a8fe6a16e87dab513de60a374f127ed331f038020940b58715a292959674cb889
Static task: static1
Behavioral task: behavioral1
Sample: Payment_Advice.exe
Resource: win7-20220310-en

Malware Config

Extracted
Family: formbook
Version: 4.1
Campaign: oh75
C2 domain list (as extracted from the config; FormBook pads this list with decoy domains, so an entry here is not on its own proof that the host is a live C2):
denizgidam.com
6cc06.com
charlottewaldburgzeil.com
medijanus.com
qingdaoyiersan.com
datcabilgisayar.xyz
111439d.com
xn--1ruo40k.com
wu6enxwcx5h3.xyz
vnscloud.net
brtka.xyz
showztime.com
promocoesdedezenbro.com
wokpy.com
chnowuk.online
rockshotscafe.com
pelrjy.com
nato-riness.com
feixiang-chem.com
thcoinexchange.com
fuelrescuereponse.com
digitaltunic.com
cellefill.com
paulbau.com
camillebeckman.xyz
ilico-media.com
603sa.com
firstechfedcu.com
koreaglp.com
thebeardedbrocksblends.com
musumeya-kotora.com
tocoteacanada.com
travelwitharden.com
diversamenteclinica.com
bw613.com
qe46.com
spectrumelectrolysis.com
maloyenterprises.com
inovasyon.xyz
remijoe.com
petsgallie.com
metagiphydownload.online
tigerdieect.com
jamedomp.com
peninsularbottling.com
1383fx.com
pandeymasala.online
spoilnet.com
itweu.com
ankxbi.icu
lm-safe-keepingyuchand92.xyz
dreamdsjoceo.com
providentview.com
newchinafortpayne.com
wu6bvnrlz4ra.xyz
intrasvp.com
ghoul-ambrose.com
alltenexpress.com
oniray.com
sistemaparadrogaria.com
zeidrei514-nifty.xyz
excaliburteacher.com
jennyandsteven.com
zakcotransportationllc.com
wwwccsuresults.com
Targets

Target: Payment_Advice.exe
Size: 347KB
MD5: 7743639ddcae00f91ce46f21bf73a9a8
SHA1: 1daa2f866b0abf7cd48d43011562938ae6543b95
SHA256: b011f06c7ab6d49b0dd9285e1e2d9dee21efae17f6be4281ec7a6a26e2bed812
SHA512: 8651283009598240de0e870e7d22ad0e9cec2f64a57b04ff094dece68a8cda917289c5985011c26ae91450a7e4e585989420d661f96f8a13105e3c95c2f93714

Network alerts
suricata: ET MALWARE FormBook CnC Checkin (GET)

Signatures
Formbook Payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext (used to redirect a thread into injected code, the technique behind process hollowing)
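The script below is an added worked example and is not part of the sandbox report or its tooling. It does the two things an analyst typically wants from a report like this: it checks a file on disk against all four reported digests for Payment_Advice.zip and Payment_Advice.exe (the digests are copied from the report above), and it normalises the extracted C2 list into a CSV of indicators, decoding the one punycode entry (xn--1ruo40k.com) so the IDN can be reviewed in its Unicode form. The domain subset embedded in the script is constructed from the report for demonstration; every row is tagged "associated" rather than "confirmed c2" because FormBook configs mix decoy domains into the list, and only the network capture or the decrypted config can single out the live host. The file name and CSV column names are the script's own choices.

```python
import csv
import hashlib
import io
import sys
from typing import Dict, Iterable, List

# Digests copied from the sandbox report above, keyed by file name.
REPORTED_DIGESTS: Dict[str, Dict[str, str]] = {
    "Payment_Advice.zip": {
        "md5": "0d79d906b634941d12a47ef05674e9dc",
        "sha1": "6a83cb74b8b54b5e38b6b8dd5a6afa2f1045a436",
        "sha256": "bc1e7e59c022c6a18268526652635867ae48ca1463c0084bc59781976b794f58",
        "sha512": "f36266b845554e65a3f65a0abdf5c7d70d79a19c978552657d7d86eab314d96a8fe6a16e87dab513de60a374f127ed331f038020940b58715a292959674cb889",
    },
    "Payment_Advice.exe": {
        "md5": "7743639ddcae00f91ce46f21bf73a9a8",
        "sha1": "1daa2f866b0abf7cd48d43011562938ae6543b95",
        "sha256": "b011f06c7ab6d49b0dd9285e1e2d9dee21efae17f6be4281ec7a6a26e2bed812",
        "sha512": "8651283009598240de0e870e7d22ad0e9cec2f64a57b04ff094dece68a8cda917289c5985011c26ae91450a7e4e585989420d661f96f8a13105e3c95c2f93714",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of the data under all four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def verify_sample(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match of the bytes on disk against the reported digests.
    Check all of them: a file that matches on MD5 alone is not sufficient
    evidence that it is the analysed sample."""
    actual = digest_bytes(data)
    return {alg: actual[alg] == expected[alg].lower() for alg in expected}


def normalize_domains(domains: Iterable[str]) -> List[Dict[str, object]]:
    """Lower-case, de-duplicate and punycode-decode the extracted C2 list.

    Every row is tagged 'associated', not 'confirmed c2': FormBook configs pad
    the list with decoy domains, and only the sandbox network capture (or the
    decrypted config field marking the live host) separates the real C2 from
    the decoys."""
    seen = set()
    rows: List[Dict[str, object]] = []
    for raw in domains:
        domain = raw.strip().lower().rstrip(".")
        if not domain or domain in seen:
            continue
        seen.add(domain)
        unicode_form = domain
        if any(label.startswith("xn--") for label in domain.split(".")):
            try:
                unicode_form = domain.encode("ascii").decode("idna")
            except UnicodeError:
                unicode_form = domain  # malformed punycode: keep the literal
        rows.append({
            "domain": domain,
            "unicode": unicode_form,
            "idn": unicode_form != domain,
            "confidence": "associated",
        })
    return rows


def to_csv(rows: List[Dict[str, object]]) -> str:
    """Render the normalised rows as CSV for import into a blocklist or TIP."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["domain", "unicode", "idn", "confidence"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


# Constructed subset of the report's C2 list: two spellings of one domain plus the IDN entry.
SAMPLE_DOMAINS = ["denizgidam.com", "xn--1ruo40k.com", "DENIZGIDAM.com."]

if __name__ == "__main__":
    # Usage: python formbook_iocs.py Payment_Advice.zip Payment_Advice.exe
    for path in sys.argv[1:]:
        name = path.rsplit("/", 1)[-1]
        if name in REPORTED_DIGESTS:
            with open(path, "rb") as fh:
                result = verify_sample(fh.read(), REPORTED_DIGESTS[name])
            print(name, "matches report" if all(result.values()) else "MISMATCH", result)
    print(to_csv(normalize_domains(SAMPLE_DOMAINS)))
```

Run it with the paths of the zip and the extracted exe to confirm you hold the same bytes the sandbox analysed; feed the full 65-entry list from the config into normalize_domains to produce the indicator CSV, and keep the "associated" tag until a network capture shows which host actually received the check-in.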