General
-
Target: DHL_AWB_NO#907853880911.exe
Size: 267KB
Sample: 220512-wx6gwsfff7
MD5: 9d5bfa23857f350ce14dd21f0a42bd29
SHA1: bbf0a34b5e758b99c49f3b7e14cfe9a50c436400
SHA256: f0c572c44f221308ba93f1301f995c5e8056be18e5a06c0470f383f1362aa692
SHA512: d6396c093d64b6648d125e8c7fdd6b4e08d5b2a6bb47d088bb32157b1d27b0883c0f732a350dfe7e49e006eb15ebe68b30610c66e3776cfe1b8452026b4753f3
Static task: static1
Behavioral task: behavioral1
Sample: DHL_AWB_NO#907853880911.exe
Resource: win7-20220414-en
Malware Config
-
Extracted family: formbook
Version: 4.1
Campaign: fw02
Domains (the extracted list contains decoys alongside the live C2):
payer-breakers.com
thesiscoper.com
rental-villa.com
scovikinnovations.com
hydh33.com
allmyshit.rest
lovejaclyn.com
vanessaruizwriting.com
dufonddelaclasse.com
kiddee168.com
monumentalmarketsllc.com
musclegainfatloss.com
avida.info
cosmo-wellness.net
dandelionfusedigital.com
oversizeloadbanners.com
konstelle.store
sdjnsbd.com
czoqg.xyz
5p6xljjse1lq.xyz
10936.loan
primeiropasso.website
salarydetector.net
the6figureshow.com
ritzluxurytransportation.com
5145.design
web3ido.xyz
starweaverdesigns.com
cbdtz.com
sunwall.xyz
ornitv.com
curateddesignsconsulting.com
businesshairways.biz
willacloud.com
accusecures.com
hl243.com
coffellc.icu
eddrugs2018.com
lidakang.xyz
salesstorecolombia.com
ilina.xyz
partieslikethese.com
peymantasnimi.com
datthocu.xyz
cybertechsolutions.xyz
findy.guru
trybes.space
arulinks.com
yuriookinoart.com
largestjerseysstore.com
fortitude-tech.com
ywfjp.com
b1v097f2avze.xyz
abdullahnazhim.com
zhaoav111.info
cegrowing.com
llaveselmuerto.com
7477e.xyz
chabusinessloans.com
ht-brain.com
app-compound.finance
0085208.com
wewinaccidents.com
ztzfirst.xyz
shishlomarket24.biz
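The domain list above is the sample's extracted Formbook config. Formbook contacts decoy domains alongside its real C2, so a single lookup of one of these names from a host is a lead to triage rather than proof of infection; several distinct config domains from one client in a short window is a much stronger signal. The following Python is an added example, not part of the sandbox report or of any tool it references. It turns the config into hunting artefacts: it matches DNS log lines against the list (exact domain or subdomain, case- and trailing-dot-insensitive), counts distinct config domains per client, emits Suricata `dns.query` rules, and checks a retrieved file against the report's SHA256. The DNS log lines are constructed, the domain subset is copied from the list above (paste the full list in practice), and the SID range is an arbitrary assumption.

```python
"""Hunting helpers built from the Formbook config in the report above.

Added example: not the sandbox's code. Log lines below are constructed.
"""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Subset of the domains from the extracted config (paste the full list in practice).
FORMBOOK_DOMAINS = [
    "payer-breakers.com",
    "thesiscoper.com",
    "rental-villa.com",
    "allmyshit.rest",
    "czoqg.xyz",
    "10936.loan",
    "app-compound.finance",
    "shishlomarket24.biz",
]

# SHA256 of the sample as stated in the report.
REPORT_SHA256 = "f0c572c44f221308ba93f1301f995c5e8056be18e5a06c0470f383f1362aa692"


def normalize(name: str) -> str:
    """Lower-case a DNS name and strip the trailing dot many resolvers log."""
    return name.strip().lower().rstrip(".")


def is_config_domain(qname: str, domains: List[str] = FORMBOOK_DOMAINS) -> Optional[str]:
    """Return the config domain that qname equals or is a subdomain of, else None.

    Requiring a leading '.' for the subdomain case keeps 'notpayer-breakers.com'
    from matching 'payer-breakers.com'.
    """
    q = normalize(qname)
    for d in domains:
        d = normalize(d)
        if q == d or q.endswith("." + d):
            return d
    return None


# Constructed DNS log (not from the report): "<epoch> <client-ip> <query-name>".
SAMPLE_DNS_LOG = """\
1652367201 10.0.0.15 www.google.com
1652367205 10.0.0.15 payer-breakers.com.
1652367206 10.0.0.15 WWW.czoqg.xyz
1652367207 10.0.0.22 notpayer-breakers.com
1652367209 10.0.0.15 app-compound.finance
"""

LOG_RE = re.compile(r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s*$")


def hunt_dns(log_text: str, domains: List[str] = FORMBOOK_DOMAINS) -> List[Tuple[str, str, str]]:
    """Return (client, normalized qname, matched config domain) for each hit."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole hunt
        matched = is_config_domain(m["qname"], domains)
        if matched:
            hits.append((m["client"], normalize(m["qname"]), matched))
    return hits


def distinct_domains_per_client(hits: List[Tuple[str, str, str]]) -> Dict[str, int]:
    """Count distinct config domains per client; infected hosts touch several."""
    seen: Dict[str, set] = {}
    for client, _, matched in hits:
        seen.setdefault(client, set()).add(matched)
    return {client: len(domains) for client, domains in seen.items()}


def suricata_dns_rules(domains: List[str] = FORMBOOK_DOMAINS,
                       sid_start: int = 9000001, campaign: str = "fw02") -> List[str]:
    """Emit one Suricata dns.query rule per config domain (SID range is assumed).

    'endswith' also fires on names such as 'xpayer-breakers.com'; tighten with
    bsize or a leading '.' content if that noise matters in your environment.
    """
    return [
        f'alert dns $HOME_NET any -> any any (msg:"FormBook {campaign} config domain lookup {d}"; '
        f'dns.query; content:"{d}"; nocase; endswith; '
        f'classtype:trojan-activity; sid:{sid_start + i}; rev:1;)'
        for i, d in enumerate(domains)
    ]


def matches_report_sha256(data: bytes) -> bool:
    """True if data hashes to the SHA256 the report lists for the sample."""
    return hashlib.sha256(data).hexdigest() == REPORT_SHA256


if __name__ == "__main__":
    for hit in hunt_dns(SAMPLE_DNS_LOG):
        print("DNS hit:", hit)
    print("distinct config domains per client:", distinct_domains_per_client(hunt_dns(SAMPLE_DNS_LOG)))
    print("\n".join(suricata_dns_rules()))
```

Run the DNS hunt over a day of resolver logs and sort clients by the distinct-domain count; a client that resolved one config domain once is probably a user visiting a decoy site, while one that resolved several in sequence matches the bot's behaviour. Pair the generated DNS rules with the ET "FormBook CnC Checkin" signature the sandbox already fired, which keys on the HTTP check-in rather than on the domain names.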
Targets
-
Target: DHL_AWB_NO#907853880911.exe
Size: 267KB
MD5: 9d5bfa23857f350ce14dd21f0a42bd29
SHA1: bbf0a34b5e758b99c49f3b7e14cfe9a50c436400
SHA256: f0c572c44f221308ba93f1301f995c5e8056be18e5a06c0470f383f1362aa692
SHA512: d6396c093d64b6648d125e8c7fdd6b4e08d5b2a6bb47d088bb32157b1d27b0883c0f732a350dfe7e49e006eb15ebe68b30610c66e3776cfe1b8452026b4753f3
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext (thread-context rewriting of this kind is the usual mechanism for process hollowing and other code injection)