General
Target: bc3b7f1af580c86302a0e14d9d4c78465d367d541a40b412b77b295192c63580
Size: 238KB
Sample: 220520-qvctxahadq
MD5: b79f17c71761cda547aa9f9714b939b3
SHA1: 7f7e9cf879c4be6470ded658cfe231d884e01c26
SHA256: bc3b7f1af580c86302a0e14d9d4c78465d367d541a40b412b77b295192c63580
SHA512: 55210d4231183b0d8c6b1602a76d5c1e925daa4b7aabbc099735cb0a80672643f6e994c04971df72fe69db79747cb92b8f7d0e6fee346b44ca11f2cddae2369b
Static task: static1
Behavioral task: behavioral1
Sample: RFQ-GIFI.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.0
q5e
Targets
Target: RFQ-GIFI.exe
Size: 325KB
MD5: ac10041c949e8d23e31e92ea5878808e
SHA1: d1d5d26b9f599b03a1e1982f2c57114752d70f2a
SHA256: 7050254375f80a115a4a4a497bd423bcedd3b5bf2dcd8aceca58376cbc6b23a2
SHA512: e2b913681dad28f4bd844145a5fd070587308d7bd37e076e2698d15a34f3ecf98a0aac36177e3dbd2cde5ed0b4d71a310e64422d963c00da07180cfb34654dbd
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Adds policy Run key to start application
Deletes itself
Suspicious use of SetThreadContext