General
-
Target
94902224517eaceaf178611c905ea98de2e68b86e4c74873256ee6a3a1814f85
-
Size
983KB
-
Sample
220502-sar47sfdh2
-
MD5
8d8da33ddfa3469fb5cc6c0c11c36b4d
-
SHA1
25649b1d98be877af5e0b6cf7012cfd7df1bba36
-
SHA256
94902224517eaceaf178611c905ea98de2e68b86e4c74873256ee6a3a1814f85
-
SHA512
708cf3d287f70bd94e68e403661680c56fd24bd1cf16d013b4aee3ed6745f0c35f8d7206656b3c586546856097c8bb0f85095f919c1a22d53622ebb9b62b2520
Static task
static1
Behavioral task
behavioral1
Sample
New Order list..exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
3nop
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
capricorn1967.com
meucarrapicho.com
41230793.net
yoghurtberry.com
wv0uoagz0yr.biz
yfjbupes.com
mindfulinthemadness.com
deloslifesciences.com
adokristal.com
vandergardetuinmeubelshop.com
janewagtus.com
cloudmorning.com
foresteryt01.com
accident-law-yer.info
divorcerefinance.guru
wenxiban.com
589man.com
rockerdwe.com
duftkerzen.info
igametalent.com
yoursafetraffictoupdates.review
jialingjiangpubu.com
maximscrapbooking.com
20sf.info
shadowlandswitchery.com
pmbnc.info
shoppingdrift.online
potashdragon.com
ubkswmpes.com
064ewj.info
rewsales.com
dealsforyou.tech
ziruixu.com
naehascloud.com
smokvape.faith
sunflowermoonstudio.com
stepgentertainment.com
tawbj.info
besthappybuds.net
koohshoping.com
ajikrentcarsurabaya.com
jkjohnsroofingfl.com
whatsnexttnd.com
yoyodvd.com
joomlas123.info
Targets
-
-
Target
New Order list..exe
-
Size
1.5MB
-
MD5
6126f03115798d583845ce085f04bc3c
-
SHA1
4ac8de4b7ba3de3df28b83f49d5bb40dc5323843
-
SHA256
efb235d07bd3577e3194559ee6d3d3102cba19a590fb05ae65f45a617b5a03d3
-
SHA512
d02888fea62143431dc05e80dc64b29ff6be2ffb232db65d366fbc3870eeb5e053ee3ceb80c46ded2f623a28837e3d9c594ae100e697cca4e7b0fe4ad640b620
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-