General
Target: ec4bc9d88a6dd7070ebfd8fad799fccd0dd248780a051b0837fe8eddfd189eb1
Size: 1.2MB
Sample: 220520-16gmcahhbj
MD5: 9ff874d015bbdc6e2fb5eb25f0e87413
SHA1: e7a12a434d1541534e42845af88335c37f1bfcc7
SHA256: ec4bc9d88a6dd7070ebfd8fad799fccd0dd248780a051b0837fe8eddfd189eb1
SHA512: 1771e62be58da075ddcd4e2ca44fe3e6a7e8090d342a407c5f7456510d5347e8863ec3a40a2b79fcdad9339bbe17d04d727fcd6f2ffa35193e712cea8a12c1a1
Static task: static1
Behavioral task: behavioral1
Sample: QUOTATIO.exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook 4.1
dmn:
sadelwatterson.com
iwanttodesignforlitmus.com
familytelco.com
underphone.com
tongyouqu.com
measureuplive.com
550754.top
habermanforcongress.com
elevateyourexit.live
megapolitique.com
annelegrand.design
geotourconsult.com
dahanhg.com
lailaisong.com
selcenkocak.com
jcvsq.com
jhn2.com
mimo103.com
baytownbounce.com
justanothercritic.com
liuhe093.com
managementpartner.net
juventudfronterizarecuerda.com
heavennailsstudio.com
charlesmultimedia.com
798726.com
stephanielysebrennan.com
returnofthegadgets.com
download-ap.com
lorenzocoscarelli.com
downloadoe.com
44brcl.biz
hopesouthsafaris.net
thelearningboost.com
electronicsurgery.ltd
jlwwj.com
firstmilecare.com
takemap.com
dope.support
harlowandeverett.com
iccmembers.com
pbcalendar.com
lisalakinky.com
aichonghome.com
blueeyesbeauty.info
zanzibaricuisine.com
dagym4.info
eminemlak.net
buildwithsequence.com
wordpress-hosting-123.com
onestopteespot.com
seosueengine.party
www006345.com
jd9545.com
urbanpantherfinancial.com
lygj8899.com
quanqiugangs.com
toneri.online
hbxyyl8.com
northwoodmgt.com
heipigo.com
fatihcinaremlak.com
koreagim.net
webcheckq.com
lonxer.com
Targets
Target: QUOTATIO.EXE
Size: 548KB
MD5: f47260278fdefc14190e08fea301753b
SHA1: 28ddee1b6b033c57e8ce033db930fd7a403acdf2
SHA256: 6f9973f8abd9e5fb811ccb04db4fc7063fb01623edd3f53e9a8a20e352ffa8ba
SHA512: 3d6e37816c77c86c9137fe1d5d38155d8882d85bedb6dddf49ed64235fae9485a5b0c0e3ad75dbd62b621d1f67b0c26805202afd51f5c7f867a8ecefafb21579
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Formbook Payload
Suspicious use of SetThreadContext