General
Target: 145d4f7a7e4fc11b9879cd73c9c5b94b911492c73585719ac5a2373fc4c0c735
Size: 521KB
Sample: 220521-a6tnssedcq
MD5: 73e3aeb8b94c9bbfff798144cf4e207b
SHA1: 9070b4180bcb1b04c7771167b286826d7f103947
SHA256: 145d4f7a7e4fc11b9879cd73c9c5b94b911492c73585719ac5a2373fc4c0c735
SHA512: 92e047ba6968487cd0ca9e0c71b93ccfc1a07dbbcb0bb4135c7a05eb8754860a814e1a5e78b4e4b0f8847ebcddc9205c7a82e7d5c9366ced739b849b85ff344a
Static task: static1
Behavioral task: behavioral1
Sample: PO 089754432 c776878.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
q5e
Targets
Target: PO 089754432 c776878.exe
Size: 750KB
MD5: 229dd4646e1b0f3ec0329e4638d42fae
SHA1: 8507085efdc72cc46cdf8c71af021809efd5aa93
SHA256: 89622e7b31d7c624d46b02fedd8c17b214e307b243c2143a1fab97e067827922
SHA512: bb20ff81d8849df3aa3cbacd437438e28386ca1bc559a5e720877aaf9fe3a367c5993ff98aea6af06a2048038f58142078abbeaad68bc97ef6ff83e3189a4599
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds policy Run key to start application
- Deletes itself
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext