General
- Target: 236c1f89670b6e65ebe496d838b3e68cd6100570994de9dcd4ea32dd3eead793
- Size: 356KB
- Sample: 220520-3dmn1agfg9
- MD5: 77ed3c85577d2e713a789f43c57b9328
- SHA1: a3bcdfbc2bd85cc1a1aa2c15ca5e8c4192da25b4
- SHA256: 236c1f89670b6e65ebe496d838b3e68cd6100570994de9dcd4ea32dd3eead793
- SHA512: 09d5e1c917fcad6d69dbe246afffa7cd0b82d93091121a62f4cfcce505b0fd990ba4b2d187776a3d5f63f8a07d90778b987919fe26bf5061ba663675bafa5e0b
- Static task: static1
- Behavioral task: behavioral1
- Sample: orden de compra.exe
- Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
kvsz
okashyns.com
sbsgamedaejeon-two.com
drb77.com
top5dating.com
websprings.online
voizers.com
zenith.site
lahistoriade.com
qv85.com
armandonieto.com
priestvedic.com
jessandjeff.net
magic-desktop.com
jitaji.com
ldmeili.com
yuwanqingmy.com
buzhouorg.com
chaiseloungereviews.com
m2g8way.com
freespin-support.com
bocapvang.net
315px.com
eugeniobarros.tech
sif.email
xn--oorv2aj6bj7cds0d6p4b.com
polychips.com
grouptulip.win
landbank.site
bet365c.win
inbonz.com
outofthepark.today
jeaniney.com
weeip.com
dmoneylife.com
rticlubs.com
reisedating.com
marijuanadogbone.com
funippon.com
banknotesync.com
alexandre-boissard.com
valorartetattoo.com
savetheverse.com
specificpcshop.online
h0jt1y.accountant
jiqing3.com
alfaranakle.com
saft-store.com
wanderingcollective.com
santandermobi.online
557023.top
loulancaster.com
vedattelekom.com
jatinangorcity.com
goldencanaries.com
edgaralanbro.com
levelretail.com
taylorsandbek.com
upbeatnewyork.com
motoreselectricoschihuahua.com
hotair.wales
getawomantodoit.com
xiaoxiong365.com
cloudboxsupport.com
vecteur-u-shop.com
fex-tracks.com
Targets
- Target: orden de compra.exe
- Size: 423KB
- MD5: 099eb059723bc3e0b11cd0483240e7a8
- SHA1: d61b35ba4e797cb6568d798bbb59222120f8f33e
- SHA256: aa4fad19caeb7d4d9abd68155eee268619442c6cfc8a69c2bc337dd4efdf4b4d
- SHA512: 581d078f2dcddb03859456864c716a6053c7af4f0ed06f378304def93fafa928f0deb1edb87206815f98330c8da563b3075c6f38fc5c6f563039296d4c7fbf2f
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Formbook Payload
- Adds policy Run key to start application
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext