General
Target: BG032442552676.zip
Size: 560KB
Sample: 220505-g5f5msabaj
MD5: a07e6fa72fed053ae43c7d72f5d8f592
SHA1: 8c1967c71712765c3f21fe7e9cf4d084da7622b6
SHA256: b77167ef1dbe1ee6dcf7aef23a4b47087bf229237612ed5ca6f01c2cb2a28b3e
SHA512: b0a1f76b5cec64fb097257958396aa9985179751bdecee87fa2147e1c50151209b5629637b8c294940759cd3c9f65dd857c2e8ebb8f821a0b53b40e7bcad0bb8
Static task: static1
Behavioral task: behavioral1 (sample BG032442552676.exe, resource win7-20220414-en)
Behavioral task: behavioral2 (sample BG032442552676.exe, resource win10v2004-20220414-en)
Malware Config
Extracted: formbook
Version: 4.1
Campaign: 3nop
Domains (Formbook stores its live C2 in a list padded with decoy domains, some of them legitimate sites, so not every entry below is attacker infrastructure; treat the list as IOCs to corroborate against traffic, not as a blocklist to apply blindly):
videohm.com
panache-rose.com
alnooncars-kw.com
trueblue2u.com
brussels-cafe.com
ip2c.net
influenzerr.com
rbcoq.com
zzful.com
drainthe.com
sumaholesson.com
cursosaprovados.com
genotecinc.com
dbrulhart.com
theapiarystudios.com
kensyu-kan.com
dkku88.com
tikhyper.com
aztecnort.com
homebrim.com
infinitilamp.com
leelegantflower.com
floor-space.investments
vidasustentavel.online
wholehearteddaughters.com
vipandeep.com
mdwovzrrm.icu
592215.com
academicplumbing.com
bestveganbook.com
theservantleader.com
nazarickdeveloper.xyz
delta-wing.com
girlfriendsgarb.com
sezyz11.com
ca3construction.com
smartswitchhomeloan.net
luckytwo.agency
ministry-of-barbers.com
babbageacademy.com
informationside.com
packapp.net
spacecoasthondaevent.com
thehealthyimmunereset.com
pjcavaliere.info
trebdurham.com
zhixintonghe.com
gon2580.com
dottproject.net
snakby.com
keeponsports.com
debbiewilsondesigns.com
stagingsolutionsgroup.com
forummondialdelamerbizerte.com
garnier.red
tempestchs.com
zpxinxi.com
jam-nins.com
inclusiocg.com
msmenders.com
whachupichu.com
pursemore.com
thebusinessfitclub.com
scootgotti.com
jakesplacebarbers.com
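The following is an added example; it is not part of the sandbox report and not code from the sample or its authors. It takes the 65 domains listed above and matches them against DNS query logs with label-boundary matching, so that look-alike names such as notvideohm.com do not fire, counts hits per source host, and emits Suricata dns.query rules from the same list. The log line format ("<timestamp> <client-ip> <qtype> <qname>") and the log lines themselves are constructed for illustration.

```python
"""Match the Formbook domain list extracted above against DNS query logs.

Added example; this is not code from the sandbox report or from the
Formbook/ModiLoader samples.  FORMBOOK_DOMAINS is the list the sandbox
extracted from this sample; SAMPLE_DNS_LOG is constructed, in the
hypothetical form "<timestamp> <client-ip> <qtype> <qname>".
"""
import re
from collections import Counter

# The 65 domains from the extracted formbook 4.1 / 3nop config (report above).
FORMBOOK_DOMAINS = frozenset("""
videohm.com panache-rose.com alnooncars-kw.com trueblue2u.com brussels-cafe.com
ip2c.net influenzerr.com rbcoq.com zzful.com drainthe.com sumaholesson.com
cursosaprovados.com genotecinc.com dbrulhart.com theapiarystudios.com
kensyu-kan.com dkku88.com tikhyper.com aztecnort.com homebrim.com
infinitilamp.com leelegantflower.com floor-space.investments
vidasustentavel.online wholehearteddaughters.com vipandeep.com mdwovzrrm.icu
592215.com academicplumbing.com bestveganbook.com theservantleader.com
nazarickdeveloper.xyz delta-wing.com girlfriendsgarb.com sezyz11.com
ca3construction.com smartswitchhomeloan.net luckytwo.agency
ministry-of-barbers.com babbageacademy.com informationside.com packapp.net
spacecoasthondaevent.com thehealthyimmunereset.com pjcavaliere.info
trebdurham.com zhixintonghe.com gon2580.com dottproject.net snakby.com
keeponsports.com debbiewilsondesigns.com stagingsolutionsgroup.com
forummondialdelamerbizerte.com garnier.red tempestchs.com zpxinxi.com
jam-nins.com inclusiocg.com msmenders.com whachupichu.com pursemore.com
thebusinessfitclub.com scootgotti.com jakesplacebarbers.com
""".split())


def normalize(qname):
    """Lower-case and drop the trailing root dot ("Foo.COM." -> "foo.com")."""
    return qname.strip().lower().rstrip(".")


def matching_ioc(qname, iocs=FORMBOOK_DOMAINS):
    """Return the listed domain that qname equals or is a subdomain of, else None.

    Matching is on label boundaries: www.videohm.com hits videohm.com,
    notvideohm.com does not.  The bare TLD is never tried.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


# Hypothetical log format: "<timestamp> <client-ip> <qtype> <qname>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>[A-Z]+)\s+(?P<qname>\S+)$")


def scan_dns_log(lines, iocs=FORMBOOK_DOMAINS):
    """Return one hit dict per log line whose query name matches the list."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line
        ioc = matching_ioc(m["qname"], iocs)
        if ioc:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "qname": m["qname"], "ioc": ioc})
    return hits


def hits_per_client(hits):
    """Count hits by source host, the pivot for scoping an infection."""
    return dict(Counter(h["client"] for h in hits))


def suricata_dns_rules(iocs, base_sid=9000001):
    """Emit one Suricata dns.query rule per domain (sids from base_sid up).

    `endswith` is a plain suffix test, so it also fires on notvideohm.com;
    add an exact-length (bsize) rule alongside it if that noise matters.
    """
    return [f'alert dns any any -> any any (msg:"Formbook 3nop config domain {d}"; '
            f'dns.query; content:"{d}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{base_sid + n}; rev:1;)'
            for n, d in enumerate(sorted(iocs))]


# Constructed log lines (not from the report); one malformed line on purpose.
SAMPLE_DNS_LOG = """\
2022-05-05T10:01:02Z 10.0.0.5 A www.videohm.com
2022-05-05T10:01:03Z 10.0.0.5 A notvideohm.com
2022-05-05T10:02:17Z 10.0.0.9 A update.microsoft.com
2022-05-05T10:03:41Z 10.0.0.5 A TREBDURHAM.COM.
2022-05-05T10:04:00Z 10.0.0.7 A ip2c.net
this line is not a DNS record
""".splitlines()

if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for h in found:
        print(h)
    print(hits_per_client(found))
    print("\n".join(suricata_dns_rules(FORMBOOK_DOMAINS)[:2]))
```

A DNS hit on one of these domains only establishes contact with a name from this sample's configuration; because the list is padded with decoys, confirm an actual Formbook check-in with the HTTP-level Suricata signature the report shows before treating the host as compromised.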
Targets
Target: BG032442552676.exe
Size: 1.1MB
MD5: 69d7fd7b1cc3a2517941731fb9c3aa2c
SHA1: 70e96be6d19db9218684b29882e424e877071db4
SHA256: b8866409889805cd3132c7f3db0d02294eb25e747e0e095e913e2d75d437df59
SHA512: 72ec387553a61718d8105b7ea9141c38edca49364616c9d0ce86b366c19ef75a4112be7d292dc7193077432cc353612a0539fcc349164efeec423d2e4c4a1d19
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-based loader that abuses legitimate cloud and file-hosting services to fetch the next-stage malware it drops; in this sample that stage is Formbook.
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
ModiLoader Second Stage
Adds Run key to start application (persistence through a value under an HKCU or HKLM ...\CurrentVersion\Run key; the report does not record the value name or the path it points to)
Suspicious use of SetThreadContext (rewriting another thread's context is the step process hollowing and thread hijacking use to redirect a suspended process into injected code; together with the Formbook payload signature it is consistent with the loader injecting Formbook into another process)
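The Run-key persistence flagged above is something a responder will want to hunt for on other hosts. The following is an added example, not part of the sandbox report and not the sample's own code: it parses a .reg export of the Run/RunOnce keys and flags autostart entries whose executable lives in a user-writable directory or is addressed through an environment variable. The registry text is constructed for illustration; the report does not record the value name or path this sample used, so none of these entries is the sample's.

```python
r"""Audit Run/RunOnce entries in a .reg export for suspicious autostart paths.

Added example; not part of the sandbox report.  The registry text below is
constructed for illustration: the report records only that a Run key was
added, not the value name or path, so none of these entries is the sample's.
Produce real input on a host with, e.g.:
    reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg
(reg export writes UTF-16; decode before passing the text in.)
"""
import re

RUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce",
                    "\\policies\\explorer\\run")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\",
                 "\\downloads\\", "\\desktop\\")
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="data" with .reg escaping (doubled backslash, backslash-quote) in both strings.
STRING_VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def unescape(s):
    # Undo .reg escaping: doubled backslash -> backslash, backslash-quote -> quote.
    return re.sub(r"\\(.)", r"\1", s)


def exe_path(command):
    """Pull the executable out of a Run value: quoted path, or up to '.exe'."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def assess(path):
    """Reasons an autostart path deserves a look; empty list means nothing odd."""
    p = path.lower()
    reasons = []
    if "%" in p:
        reasons.append("environment variable in path")
    if any(d in p for d in USER_WRITABLE):
        reasons.append("user-writable directory")
    if not reasons and not p.startswith(TRUSTED_PREFIXES):
        reasons.append("outside Program Files / Windows")
    return reasons


def parse_run_entries(reg_text):
    """Return {key, name, command} for string values under Run-type keys."""
    entries, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m["key"]
            continue
        if key is None or not key.lower().endswith(RUN_KEY_SUFFIXES):
            continue
        m = STRING_VALUE.match(line)
        if not m:
            continue  # dword/hex/binary data is not an autostart command
        entries.append({"key": key, "name": unescape(m["name"]),
                        "command": unescape(m["data"])})
    return entries


def audit(reg_text):
    """Return the Run entries whose executable path looks suspicious."""
    findings = []
    for entry in parse_run_entries(reg_text):
        path = exe_path(entry["command"])
        reasons = assess(path)
        if reasons:
            findings.append({**entry, "path": path, "reasons": reasons})
    return findings


# Constructed .reg export (not the sample's real persistence entry).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\Public\\Libraries\\Updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Client"="%APPDATA%\\Client\\client.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_REG):
        print(f"{f['name']:<16} {f['path']}  <- {', '.join(f['reasons'])}")
```

Legitimate software (the constructed OneDrive entry, for instance) also autostarts from AppData, so the findings are a triage queue rather than a verdict: hash each flagged binary and compare it with the target hashes in this report, and check the value against the same key on a known-clean build.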