General
-
Target
e58c9f4df9489046914307a021fc4a4069b00cba9e95092748b05ddf75fc1408
-
Size
385KB
-
Sample
220520-ry9hqagfh9
-
MD5
b72483f25e1f3f89bc98fbd15556ecc8
-
SHA1
a4c395dcb310ddaf7e1c6397dc91e56e8f66323f
-
SHA256
e58c9f4df9489046914307a021fc4a4069b00cba9e95092748b05ddf75fc1408
-
SHA512
03f8fee3d5d0454bbf207294e2d2f258958ae264279c30eeb76be70b02fd8187bfbfc281e126968267cdc05e578677ac293b0e868a0ba9568214e6ff3ee49373
Static task
static1
Behavioral task
behavioral1
Sample
sartname.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
n7ak
audereventur.com
huro14.com
wwwjinsha155.com
antiquevendor.com
samuraisoulfood.net
traffic4updates.download
hypersarv.com
rapport-happy-wedding.com
rokutechnosupport.online
allworljob.com
hanaleedossmann.com
kauai-marathon.com
bepbosch.com
kangen-international.com
zoneshopemenowz.com
belviderewrestling.com
ipllink.com
sellingforcreators.com
wwwswty6655.com
qtumboa.com
bazarmoney.net
librosdecienciaficcion.com
shopmomsthebomb.com
vanjacob.com
tgyaa.com
theporncollective.net
hydrabadproperties.com
brindesecologicos.com
sayagayrimenkul.net
4btoken.com
shycedu.com
overall789.top
maison-pierre-bayle.com
elitemediamasters.com
sharmasfabrics.com
hoshamp.com
myultimateleadgenerator.com
office4u.info
thaimart1.com
ultimatewindowusa.com
twoblazesartworks.com
airteloffer.com
shoupaizhao.com
741dakotadr.info
books4arab.net
artedelcioccolato.biz
tjqcu.info
teccoop.net
maturebridesdressguide.com
excelcapfunding.com
bitcoinak.com
profileorderflow.com
unbelievabowboutique.com
midlandshomesolutionsltd.com
healthywithhook.com
stirlingpiper.com
manfast.online
arikorin.com
texastrustedinsurance.com
moodandmystery.com
yh77808.com
s-immotanger.com
runzexd.com
meteoannecy.net
joomlas123.info
Targets
-
-
Target
sartname.exe
-
Size
1.2MB
-
MD5
c1f3c9e997f8bb5f646d3159cc034f63
-
SHA1
2d33cd7d13efb4c1b91ac70eb71ece327a80583c
-
SHA256
784e7f732ce32eec8f01959777f45b1393c6528da49bc92cd2da41890f7798f6
-
SHA512
73577f0b431277771a1a4a2ae6a9f1bfbe557178488e934712f37a2582def76a9efdcaf6a8bb307668e0c8adce74d6ea76e3d89ad126cd64f543a0ee35f16aa3
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-