General
Target: a17edecac2d18b23265bb37f240b5a8cd9eedc00ed6154f384f8ddd7e538ca88
Size: 352KB
Sample: 220511-c7y11sdhg2
MD5: aed32e73954c2d390a835e4a9d142a59
SHA1: e0aa4527d20f23d3975914e271f17cddfc178b69
SHA256: a17edecac2d18b23265bb37f240b5a8cd9eedc00ed6154f384f8ddd7e538ca88
SHA512: 306d6ee82a5906e575e2882a8ecb880532300499029296ef5e69b1fe1000e3b0a3b224d061fee2368ee2aa788ca92d627726df350a67262b9e0d54beedb5a688
Static task: static1
Behavioral task: behavioral1
Sample: a17edecac2d18b23265bb37f240b5a8cd9eedc00ed6154f384f8ddd7e538ca88.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
kvsz
Targets
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext