General
-
Target
92a841c1968bcbb08c081fa2df12d16e4a8011a49600c501cc49ffbe9360e8d5
-
Size
1.0MB
-
Sample
220508-xq61hsafep
-
MD5
2918f797cdf98fa40cf9508a43cb44b3
-
SHA1
e0ce17e9c81d0aee6fd6f2a0c3793a19f98708ab
-
SHA256
92a841c1968bcbb08c081fa2df12d16e4a8011a49600c501cc49ffbe9360e8d5
-
SHA512
b7429dc86e00e9ff01b37bc4723b40a92d860ac6e95b4c9deefb0bd7ad39e3a8d34844cb81af67ec5c0a0585afbdfcf0a1004cc765c6ff49c5e86f692c4ac6cb
Static task
static1
Behavioral task
behavioral1
Sample
odeme SWIFT.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
odeme SWIFT.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
formbook
4.1
n7ak
audereventur.com
huro14.com
wwwjinsha155.com
antiquevendor.com
samuraisoulfood.net
traffic4updates.download
hypersarv.com
rapport-happy-wedding.com
rokutechnosupport.online
allworljob.com
hanaleedossmann.com
kauai-marathon.com
bepbosch.com
kangen-international.com
zoneshopemenowz.com
belviderewrestling.com
ipllink.com
sellingforcreators.com
wwwswty6655.com
qtumboa.com
bazarmoney.net
librosdecienciaficcion.com
shopmomsthebomb.com
vanjacob.com
tgyaa.com
theporncollective.net
hydrabadproperties.com
brindesecologicos.com
sayagayrimenkul.net
4btoken.com
shycedu.com
overall789.top
maison-pierre-bayle.com
elitemediamasters.com
sharmasfabrics.com
hoshamp.com
myultimateleadgenerator.com
office4u.info
thaimart1.com
ultimatewindowusa.com
twoblazesartworks.com
airteloffer.com
shoupaizhao.com
741dakotadr.info
books4arab.net
artedelcioccolato.biz
tjqcu.info
teccoop.net
maturebridesdressguide.com
excelcapfunding.com
bitcoinak.com
profileorderflow.com
unbelievabowboutique.com
midlandshomesolutionsltd.com
healthywithhook.com
stirlingpiper.com
manfast.online
arikorin.com
texastrustedinsurance.com
moodandmystery.com
yh77808.com
s-immotanger.com
runzexd.com
meteoannecy.net
joomlas123.info
Targets
-
-
Target
odeme SWIFT.exe
-
Size
1.6MB
-
MD5
586e761b6f03a2ea904ca2b3c8ad24e2
-
SHA1
34893070fbd5fa441bdff1313c20793c25d1e7c0
-
SHA256
199533f77cb4331908a90346f24610888ef42d6dd2f9866b733752426702e737
-
SHA512
67058f6f9932d17bffefa2c6780b85f4c7fc731addbf15df4cff694e0067d29833103e23315a5c767f0cd4a6bd5ac810519b86760142caf78c49e21d47013a9e
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-