General
- Target: b86196be9611b795234dff0f3d10d7d59678288391944190b189ad6fad017882
- Size: 214KB
- Sample: 220505-h9ecaafdc9
- MD5: a3aee41648e9fa62d3bfd4db586d97ea
- SHA1: ea6d36b400e9566964bca70e1edeeb0f096059e4
- SHA256: b86196be9611b795234dff0f3d10d7d59678288391944190b189ad6fad017882
- SHA512: 52f6fcb224a71d0fa6aa0ab207e61b8e694f2f6c1c30d89900235e22f7f84f6ce97f675853c7eb2e5fabf7fc76a13cf030df28cb9b7cb3f10d1f85b2a071088c
Static task
- static1
Malware Config
Extracted
- formbook
- 4.1
- fw02
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Executes dropped EXE
- Suspicious use of SetThreadContext