General
Target: 315e737738df8faaeeb36c8fb6c692a18179675dcd4648a1dc982678e46f8f7c
Size: 733KB
Sample: 220511-rf8hpscbep
MD5: a2225e6ddb8ca51732c83c66f1af9f6f
SHA1: bb49ebe5e22ffb213d5f25f8c4dbafff6487ab66
SHA256: 315e737738df8faaeeb36c8fb6c692a18179675dcd4648a1dc982678e46f8f7c
SHA512: 18414dff21d71926cc20148efae5f45b49b1a3550dedaad911f1f5f4dc8e91626f6b2610a9801fd3fca5285a6329277714cae52b9c7cba31a276f0f0fd3b3376
Static task: static1
Behavioral task: behavioral1
Sample: 315e737738df8faaeeb36c8fb6c692a18179675dcd4648a1dc982678e46f8f7c.exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook 4.1 kvsz
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext