General
Target: 1f7fab26098e805c651f1c6fdbbfb99e1d1de4cf0c4564d0ff460aae879d815a
Size: 230KB
Sample: 220520-qt4k8seah6
MD5: a191e2b46788dc477b0c2bc8a52ef502
SHA1: 6e23d973f003cc9b73b8a98dcb01c4f9983366a6
SHA256: 1f7fab26098e805c651f1c6fdbbfb99e1d1de4cf0c4564d0ff460aae879d815a
SHA512: 7519ec7f52a373dd3898e9a5847961442fa29f96b97a1305c225b2ad1edc0fb02149bb0f894f20ca4392b86fa12a803ef459e268fb3bff52a0c63ed2360aba96
Static task: static1
Behavioral task: behavioral1
Sample: order SEC.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: formbook
Version: 4.0
Campaign: g8u
C2 domains:
stuition.com
mj-sculpture.com
cannatainmentevents.com
dianjintang.com
rmlusitania.info
effet-spiruline.com
flatheme.com
supergaminator-vip.com
craftyourmagic.com
lakai.ltd
electionshawaii.com
iqpdct.com
thebestfourstarhotels.com
satoshiceo.com
saintmartiner.com
brothersmarinetoronto.com
citicoin.online
scentsationalsniffers.com
hellonighbourgameees.com
displayonline-france.com
cait-compare.com
aprenderoratoria.com
stehtisch24.com
cocktailandcocktalk.com
hybridtablesaw.com
ynnkfs.com
capitolman.com
xccomm.com
dannyhustle.com
9jiuhao.com
ossigenopoliatomicoliquido.biz
casayards.com
hotelmesonreal.com
lffcfftl.com
raiserobo.com
ssav33.com
oceanicmarinerisks.com
star-fairtrading.com
universecoolest.com
www8557v.com
reparaciones-ordenadores.com
residenteyecarepa.com
x-hom.com
finestsalon.com
xn--n8jydrczh8g7f7a7lp527d.com
dallasfortworthseopro.com
talentsplanner.com
gdmen.com
life-insurer-zone.live
tunnelrobot.com
vietnamexport.net
inlishui.site
inaneufeld.com
sleepingsling.com
huaian.ltd
iluxol.com
mahavirjwellersnoida.com
fastaskme.men
rsinsur.com
datingevo.com
bringmesomething.online
banjiasanti.com
zhixinchain.net
medifloors.com
tromagy.com
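The domain list above is the most actionable part of this report, but FormBook configs mix the live C2 with decoy domains, so a hit on one of these hostnames is a lead to investigate, not confirmation of which domain actually served the campaign. The following is an added example (not part of the sandbox report) that loads the 65 config domains and matches hostnames from DNS or proxy logs against them with a label-boundary check, so look-alikes such as notstuition.com do not match while www.stuition.com does; hostnames are case-folded and a trailing FQDN dot is stripped, and the punycode entry is compared as-is. The log lines are constructed for the example, not taken from the report.

```python
"""Match observed hostnames against the FormBook 4.0 / campaign g8u domain list.
Added example; the domain list is copied from the report, the log lines are constructed."""

# The 65 domains from the extracted config above.
FORMBOOK_G8U_DOMAINS = [
    "stuition.com", "mj-sculpture.com", "cannatainmentevents.com", "dianjintang.com",
    "rmlusitania.info", "effet-spiruline.com", "flatheme.com", "supergaminator-vip.com",
    "craftyourmagic.com", "lakai.ltd", "electionshawaii.com", "iqpdct.com",
    "thebestfourstarhotels.com", "satoshiceo.com", "saintmartiner.com",
    "brothersmarinetoronto.com", "citicoin.online", "scentsationalsniffers.com",
    "hellonighbourgameees.com", "displayonline-france.com", "cait-compare.com",
    "aprenderoratoria.com", "stehtisch24.com", "cocktailandcocktalk.com",
    "hybridtablesaw.com", "ynnkfs.com", "capitolman.com", "xccomm.com",
    "dannyhustle.com", "9jiuhao.com", "ossigenopoliatomicoliquido.biz", "casayards.com",
    "hotelmesonreal.com", "lffcfftl.com", "raiserobo.com", "ssav33.com",
    "oceanicmarinerisks.com", "star-fairtrading.com", "universecoolest.com",
    "www8557v.com", "reparaciones-ordenadores.com", "residenteyecarepa.com",
    "x-hom.com", "finestsalon.com", "xn--n8jydrczh8g7f7a7lp527d.com",
    "dallasfortworthseopro.com", "talentsplanner.com", "gdmen.com",
    "life-insurer-zone.live", "tunnelrobot.com", "vietnamexport.net", "inlishui.site",
    "inaneufeld.com", "sleepingsling.com", "huaian.ltd", "iluxol.com",
    "mahavirjwellersnoida.com", "fastaskme.men", "rsinsur.com", "datingevo.com",
    "bringmesomething.online", "banjiasanti.com", "zhixinchain.net", "medifloors.com",
    "tromagy.com",
]


def normalize_host(host: str) -> str:
    """Lower-case and strip the trailing dot of an FQDN; punycode labels stay as-is."""
    return host.strip().lower().rstrip(".")


def match_c2_domain(host: str, domains=FORMBOOK_G8U_DOMAINS):
    """Return the config domain that `host` equals or is a subdomain of, else None.

    The label-boundary check ("." + domain) stops look-alikes such as
    notstuition.com from matching stuition.com.
    """
    h = normalize_host(host)
    for d in domains:
        if h == d or h.endswith("." + d):
            return d
    return None


def defang(host: str) -> str:
    """Render a hostname so it is not clickable in tickets or chat."""
    return host.replace(".", "[.]")


# Constructed sample log lines: timestamp, client IP, query type, queried name.
SAMPLE_DNS_LOG = """\
2022-05-20T10:15:31Z 10.0.0.12 query A www.stuition.com
2022-05-20T10:15:32Z 10.0.0.12 query A MJ-SCULPTURE.COM.
2022-05-20T10:15:40Z 10.0.0.7 query A notstuition.com
2022-05-20T10:15:41Z 10.0.0.7 query A stuition.com.cdn.example
2022-05-20T10:16:02Z 10.0.0.12 query A xn--n8jydrczh8g7f7a7lp527d.com
2022-05-20T10:16:10Z 10.0.0.9 query A updates.example.org
"""


def scan_dns_log(text: str, domains=FORMBOOK_G8U_DOMAINS):
    """Return (timestamp, client, defanged host, matched config domain) for every hit."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # blank or malformed line
        ts, client, qname = parts[0], parts[1], parts[-1]
        matched = match_c2_domain(qname, domains)
        if matched:
            hits.append((ts, client, defang(normalize_host(qname)), matched))
    return hits


if __name__ == "__main__":
    for ts, client, host, matched in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {client} -> {host} (config domain {defang(matched)})")
```

Against the constructed log this reports three hits (www.stuition.com, the upper-cased mj-sculpture.com FQDN, and the punycode domain) and correctly ignores notstuition.com and stuition.com.cdn.example. Because FormBook contacts decoy domains as well as its real C2, a hit tells you the host is worth pulling for the Run-key and process-injection artefacts listed under Targets; it does not by itself identify the live server.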
Targets
Target: order SEC.exe
Size: 303KB
MD5: d0b89f322dfa77b6a13aabf7f7984f87
SHA1: 81d40efb20f6dbfdb8e14a87c57d26b5dc9217d9
SHA256: 228e2e5ff30fec5cdde918f48e98664d9bf1f77f550666baa21208ca9b047af4
SHA512: ee98f698267f78abe777276a6853f17499098f9de546ee87ccd4eafd1bc361a0340625a0a9defb11380396297f5fb3200fba14822571618574e127403a88930e
Note: the size and hashes of order SEC.exe differ from those of the submitted sample in the General section (230KB, SHA256 1f7fab26...), so searches and blocklists should use both sets of hashes.
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Signatures:
Formbook Payload
Deletes itself
Adds Run key to start application
Suspicious use of SetThreadContext