General
Target: c36f38554da7bc44cfd05724102b03e721bbb40e379ebf31b8d63cf07ff8f9f6
Size: 355KB
Sample: 220520-3vl4sscdfr
MD5: f16dc16710e9824bebf8b0aeb4d98202
SHA1: 9616c51f2019d2cbdade2248e24baa589a0bffd0
SHA256: c36f38554da7bc44cfd05724102b03e721bbb40e379ebf31b8d63cf07ff8f9f6
SHA512: 480e1ea259e270273b1b6fb816d2f8e0e8526cbb346bd4469210017f46b924a15e46d8113d92b5dd70b47f9d6d8d73bada7ccb06ca8beb159217717813f821cd
Static task: static1
Behavioral task: behavioral1
Sample: orden de compra.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
kvsz
Targets
Target: orden de compra.exe
Size: 385KB
MD5: e496718a8033ca85b0a6ff3ea197828c
SHA1: 6e150649bd44e3c8023589eaadd2633b09a14d81
SHA256: bc207dbe79daf9a2da67fd90beef3fbe5db670288fd9c1da72ccda9c65d3d028
SHA512: 05b483ec56adef219d6e273d9b1882898121d1d3d0c3df1b87f384a2583cf4ff8189f07608f1ee4a3e6152a175dda6de1fc1bffd85071b91626ea9b2c00c6831
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Formbook Payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of SetThreadContext