General
Target: c9159ff175e40dca87117d9f48c89af5e096cc214b8af58da93db8cb4a75e7f4
Size: 415KB
Sample: 220511-c4b23sgecn
MD5: bdb205f2b2250970a3feb5a621f8875b
SHA1: bae130111494303eb686a5562e794121a8cd307f
SHA256: c9159ff175e40dca87117d9f48c89af5e096cc214b8af58da93db8cb4a75e7f4
SHA512: 97c41b5369b8902bde98059038774fea618d1071423104ef05c6c0c4fed4e28a28d028dd9dfb8c76f08d12e1256bacc13e3eb2625fe817b4c8a248cdb7d0384e
Static task: static1
Behavioral task: behavioral1
Sample: c9159ff175e40dca87117d9f48c89af5e096cc214b8af58da93db8cb4a75e7f4.exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook 4.1
bnc
Targets
Target: c9159ff175e40dca87117d9f48c89af5e096cc214b8af58da93db8cb4a75e7f4
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Suspicious use of SetThreadContext