General
-
Target
ARGENTINA NEW ORDER.scr
-
Size
782KB
-
Sample
220410-lwmchshbfj
-
MD5
6e0159efe85688cfb1435ff58cf8d3b4
-
SHA1
60b4de3550f6fa9870c9bd9558b3d43df479b097
-
SHA256
f71ffb7f3aa8f472021605310da900b36925efcf3f2965b6e541f0aaab4eb1c3
-
SHA512
df0ece3097bef5774472e95a50e1c1c71274b77697928fe960731de07c2728457e350fa3d22c78731be8f7147758722ebd6a27600485b61f899ee737482e1b55
Static task
static1
Behavioral task
behavioral1
Sample
ARGENTINA NEW ORDER.scr
Resource
win7-20220331-en
Malware Config
Extracted
formbook
4.1
s16r
kellieroysellsnc.com
valleylowvoltage.com
mltuo900.xyz
visitingpuntacana.com
weiwushi.com
austintechjob.com
rxstarcbd.com
shopstudioesi.com
filetto-server.xyz
relianceltdbnk.com
unethical.world
yedd.store
esthershhs.com
magaddis.com
scenicdrivetours.com
123gest.com
2020mortagelifeinsurance.com
faceinle.com
integritymarking.com
alfatoto.xyz
nwebcam.com
wu8hx5cpgl3i.xyz
shiningbellsscrubs.com
visitorego.com
101-bg.com
blaccforestsociety.com
caremeinternational.com
devanharle.com
d2h7e3q.xyz
excaliburteacher.com
tatouagejaponais.com
gallematias.com
sobacoffee.com
thetravelbanana.com
artandmag.com
swoutfit.com
pecintaotomotif.com
realkezorup.xyz
shoplitumi.com
taylorhudak.net
prime-links.net
openvmsdatabasemigration.com
digitaltradingforex.com
vocenoazulnovamente.com
ertyuhjul.xyz
yunshangzhongwen.com
psalm686.com
breastfeedcare.com
matjaralmona.com
insurancesalesreps.com
octets.biz
reviewopenaccess.biz
parvatakrachka.com
vector-center.xyz
hatchvi.com
hmamah.com
a-home4you.com
lq-safe-keepingyuchand91.xyz
amplexus.xyz
h3ssel.xyz
aims-colorado.com
clickforrichesvision.com
belcantato.com
minidentalimplantsdaytonoh.com
mlniubi.xyz
Targets
-
-
Target
ARGENTINA NEW ORDER.scr
-
Size
782KB
-
MD5
6e0159efe85688cfb1435ff58cf8d3b4
-
SHA1
60b4de3550f6fa9870c9bd9558b3d43df479b097
-
SHA256
f71ffb7f3aa8f472021605310da900b36925efcf3f2965b6e541f0aaab4eb1c3
-
SHA512
df0ece3097bef5774472e95a50e1c1c71274b77697928fe960731de07c2728457e350fa3d22c78731be8f7147758722ebd6a27600485b61f899ee737482e1b55
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Suspicious use of SetThreadContext
-