General
-
Target
68527014856bd500a522a073f6aa516a0afa39ceca0753eca03db7fbdfb8153b
-
Size
1.1MB
-
Sample
220508-xq9reaafer
-
MD5
f7bcec35aa9f94f7f4ed41a8455861e4
-
SHA1
ac291564d2148ae73cab663ced37a915b4eef2a3
-
SHA256
68527014856bd500a522a073f6aa516a0afa39ceca0753eca03db7fbdfb8153b
-
SHA512
1ef214c6bb3606bb9b1e46c4908d7b7bf3e52a18f564bb7b9eab4133a0e6d22fba4758540410b9adb171795c85b56fc7774efb9007e5c73cd3ea9260150ff9b1
Static task
static1
Behavioral task
behavioral1
Sample
Mensaje SWIFT.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
n7ak
audereventur.com
huro14.com
wwwjinsha155.com
antiquevendor.com
samuraisoulfood.net
traffic4updates.download
hypersarv.com
rapport-happy-wedding.com
rokutechnosupport.online
allworljob.com
hanaleedossmann.com
kauai-marathon.com
bepbosch.com
kangen-international.com
zoneshopemenowz.com
belviderewrestling.com
ipllink.com
sellingforcreators.com
wwwswty6655.com
qtumboa.com
bazarmoney.net
librosdecienciaficcion.com
shopmomsthebomb.com
vanjacob.com
tgyaa.com
theporncollective.net
hydrabadproperties.com
brindesecologicos.com
sayagayrimenkul.net
4btoken.com
shycedu.com
overall789.top
maison-pierre-bayle.com
elitemediamasters.com
sharmasfabrics.com
hoshamp.com
myultimateleadgenerator.com
office4u.info
thaimart1.com
ultimatewindowusa.com
twoblazesartworks.com
airteloffer.com
shoupaizhao.com
741dakotadr.info
books4arab.net
artedelcioccolato.biz
tjqcu.info
teccoop.net
maturebridesdressguide.com
excelcapfunding.com
bitcoinak.com
profileorderflow.com
unbelievabowboutique.com
midlandshomesolutionsltd.com
healthywithhook.com
stirlingpiper.com
manfast.online
arikorin.com
texastrustedinsurance.com
moodandmystery.com
yh77808.com
s-immotanger.com
runzexd.com
meteoannecy.net
joomlas123.info
Targets
-
-
Target
Mensaje SWIFT.exe
-
Size
1.6MB
-
MD5
e33828622c9d953e1e5ad7a3b16d2b77
-
SHA1
c15e6c76cc4448a4f27ade1a70c4aaf2486503e6
-
SHA256
2f05200e09f38d2197fb48d265bcd4d050131f688ce51cf86478192df100d675
-
SHA512
903e518f4b481c13a10eef062a0499c72ff810dd1a3f0dad620cb5fa4b5b6cb244db999d09f7813e020b4fb24c54522f067903c60829d0f7f6c3a1c7a492d86f
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-