General
-
Target
3214e7cd557426e9574963492a10f788d059f53c08ace388341fcfed32945c36
-
Size
541KB
-
Sample
220521-a2lsdseben
-
MD5
a1599230c870d5ca9dd1770cabdd28ae
-
SHA1
1dfa74f2539523868aa8f56a51168317c5469736
-
SHA256
3214e7cd557426e9574963492a10f788d059f53c08ace388341fcfed32945c36
-
SHA512
ac02d383bdd4df2586cf42762ec5bc51a3a7586a1e8f282fa82d0b6fbc1ec309504dc38075228893bdd8e51c9264ee05a287d5aa57d87fd97c29c3c50e484366
Static task
static1
Behavioral task
behavioral1
Sample
nalog za kupovinu.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
kvsz
Targets
-
-
Target
nalog za kupovinu.exe
-
Size
715KB
-
MD5
0d38fa5f3688fd03f6ed4a1185427d9c
-
SHA1
91f943a7793eb56c425693ff7f3bfa206cc64ea2
-
SHA256
7df633d240b956e23b7328ae7121f7efc2a80090dbe38f2e0138d90084a795fe
-
SHA512
bc5eef6f6dc81583810fd073c14318414d421124620f75fa94e2c0a9035a16f9e88eae44ab3b487044d4aa54ec793af69e73be041bd1cdfec12235e217290007
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-