General
- Target: 5084c2d455003df830c907939adc50ef250e7ccde99041e3f671202d1ec53c28
- Size: 438KB
- Sample: 220511-cyxftsdfa4
- MD5: 7431c0da6bae8041862806106270065d
- SHA1: ae8611a9ec419855134f5c98999c64552029bfef
- SHA256: 5084c2d455003df830c907939adc50ef250e7ccde99041e3f671202d1ec53c28
- SHA512: 6838862dd49fcd22eb86e1475af170c94e2eea42dc3498c0e884132add9a835406729f1a678d33178a37a8b818d21e00a1cd5a1b4fe87df9e6eb2ca3273d3271
- Static task: static1
- Behavioral task: behavioral1
- Sample: 5084c2d455003df830c907939adc50ef250e7ccde99041e3f671202d1ec53c28.exe
- Resource: win7-20220414-en

Malware Config
- Extracted: formbook 4.1 kvsz
Targets
- Target: 5084c2d455003df830c907939adc50ef250e7ccde99041e3f671202d1ec53c28 (438KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext