General

Target:  930ce81bea6819c32ad02f82e331f62c1339dcc0df585dc5b7c9dc06165eb1e0
Size:    620KB
Sample:  220521-aexldaabc8
MD5:     7b2d13d490b4cff7637b9cdc3cc505e1
SHA1:    e2abe36f6bdaca34179f07536c797f416d7f5e62
SHA256:  930ce81bea6819c32ad02f82e331f62c1339dcc0df585dc5b7c9dc06165eb1e0
SHA512:  530526c0e5fe4bbd2c9cb3661f7e8d445363f1f11bf5c087523b4aef4c30af064c64b6d1888e871b048b207263dbe7ad8704a6a52d3ce73673d232cafe9ddabd
Tasks

Static task:      static1
Behavioral task:  behavioral1
  Sample:    yeni sipari? sorgulama.exe
  Resource:  win7-20220414-en
Malware Config

Extracted
Family:       formbook
Version:      4.1
Campaign ID:  kvsz

C2 domains (65 entries). The extractor does not mark which entry is the live C2; Formbook pads its config with decoy domains and contacts them with the same check-in pattern, so several of these are ordinary sites and a single resolution of one of them is weak evidence on its own:

okashyns.com
sbsgamedaejeon-two.com
drb77.com
top5dating.com
websprings.online
voizers.com
zenith.site
lahistoriade.com
qv85.com
armandonieto.com
priestvedic.com
jessandjeff.net
magic-desktop.com
jitaji.com
ldmeili.com
yuwanqingmy.com
buzhouorg.com
chaiseloungereviews.com
m2g8way.com
freespin-support.com
bocapvang.net
315px.com
eugeniobarros.tech
sif.email
xn--oorv2aj6bj7cds0d6p4b.com
polychips.com
grouptulip.win
landbank.site
bet365c.win
inbonz.com
outofthepark.today
jeaniney.com
weeip.com
dmoneylife.com
rticlubs.com
reisedating.com
marijuanadogbone.com
funippon.com
banknotesync.com
alexandre-boissard.com
valorartetattoo.com
savetheverse.com
specificpcshop.online
h0jt1y.accountant
jiqing3.com
alfaranakle.com
saft-store.com
wanderingcollective.com
santandermobi.online
557023.top
loulancaster.com
vedattelekom.com
jatinangorcity.com
goldencanaries.com
edgaralanbro.com
levelretail.com
taylorsandbek.com
upbeatnewyork.com
motoreselectricoschihuahua.com
hotair.wales
getawomantodoit.com
xiaoxiong365.com
cloudboxsupport.com
vecteur-u-shop.com
fex-tracks.com
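A practical way to use the extracted config is to turn it into a DNS watchlist and then look for the Formbook check-in pattern in DNS logs rather than alerting on any single domain. The script below is an added example, not part of the sandbox report or any vendor tooling: the domain list and campaign ID are copied from the extracted config above, the Suricata rule text uses standard dns.query / isdataat keywords, and the eve.json lines it runs over are constructed for the demo (the hosts 10.0.0.7 and 10.0.0.9, the timestamps, and the 3-distinct-domains-in-5-minutes threshold are assumptions, not values from the report).

```python
"""Formbook config -> DNS watchlist -> clustered detection over Suricata eve.json DNS events.

Added example (not the sandbox report's own code). The domains and campaign ID are the
extracted config from the report; the log lines under SAMPLE_EVE are constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

CAMPAIGN_ID = "kvsz"  # Formbook campaign ID from the extracted config

# All 65 domains from the extracted config (decoys and the live C2 are mixed together).
CONFIG_DOMAINS = frozenset("""
okashyns.com sbsgamedaejeon-two.com drb77.com top5dating.com websprings.online
voizers.com zenith.site lahistoriade.com qv85.com armandonieto.com priestvedic.com
jessandjeff.net magic-desktop.com jitaji.com ldmeili.com yuwanqingmy.com buzhouorg.com
chaiseloungereviews.com m2g8way.com freespin-support.com bocapvang.net 315px.com
eugeniobarros.tech sif.email xn--oorv2aj6bj7cds0d6p4b.com polychips.com grouptulip.win
landbank.site bet365c.win inbonz.com outofthepark.today jeaniney.com weeip.com
dmoneylife.com rticlubs.com reisedating.com marijuanadogbone.com funippon.com
banknotesync.com alexandre-boissard.com valorartetattoo.com savetheverse.com
specificpcshop.online h0jt1y.accountant jiqing3.com alfaranakle.com saft-store.com
wanderingcollective.com santandermobi.online 557023.top loulancaster.com vedattelekom.com
jatinangorcity.com goldencanaries.com edgaralanbro.com levelretail.com taylorsandbek.com
upbeatnewyork.com motoreselectricoschihuahua.com hotair.wales getawomantodoit.com
xiaoxiong365.com cloudboxsupport.com vecteur-u-shop.com fex-tracks.com
""".split())


def suricata_dns_rules(domains, base_sid=9100000, campaign=CAMPAIGN_ID):
    """One alert-only DNS rule per config domain. base_sid is an assumed local SID range."""
    rules = []
    for i, d in enumerate(sorted(domains)):
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"Formbook config domain {d} '
            f'(campaign {campaign})"; dns.query; content:"{d}"; nocase; '
            f'isdataat:!1,relative; classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        )
    return rules


def parse_eve_dns(lines):
    """Yield (timestamp, src_ip, query_name) from Suricata eve.json DNS query events."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "dns" or ev.get("dns", {}).get("type") != "query":
            continue
        ts = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        yield ts, ev["src_ip"], ev["dns"]["rrname"].rstrip(".").lower()


def in_watchlist(name, domains=CONFIG_DOMAINS):
    """True if the query name or any parent domain of it is in the config set."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels) - 1))


def cluster_hits(events, window=timedelta(minutes=5), min_domains=3):
    """Return {src_ip: [query names]} for hosts that resolved >= min_domains distinct
    config domains inside one window. One hit is weak (some entries are real sites
    used as decoys); a burst of distinct config domains from one host is the pattern."""
    hits = defaultdict(list)  # src_ip -> [(ts, query name)]
    for ts, src, name in events:
        if in_watchlist(name):
            hits[src].append((ts, name))
    flagged = {}
    for src, lst in hits.items():
        lst.sort()
        for i, (t0, _) in enumerate(lst):
            seen = {d for t, d in lst[i:] if t - t0 <= window}
            if len(seen) >= min_domains:
                flagged[src] = sorted(seen)
                break
    return flagged


# Constructed eve.json lines: one host bursts through three config domains, another
# resolves a single config domain once (which by itself should not be flagged).
SAMPLE_EVE = """
{"timestamp":"2022-05-21T00:10:01.000000+0000","event_type":"dns","src_ip":"10.0.0.7","dns":{"type":"query","rrname":"www.okashyns.com"}}
{"timestamp":"2022-05-21T00:10:03.000000+0000","event_type":"dns","src_ip":"10.0.0.7","dns":{"type":"query","rrname":"drb77.com"}}
{"timestamp":"2022-05-21T00:10:05.000000+0000","event_type":"dns","src_ip":"10.0.0.7","dns":{"type":"query","rrname":"top5dating.com"}}
{"timestamp":"2022-05-21T00:10:06.000000+0000","event_type":"dns","src_ip":"10.0.0.7","dns":{"type":"answer","rrname":"top5dating.com"}}
{"timestamp":"2022-05-21T00:30:00.000000+0000","event_type":"dns","src_ip":"10.0.0.9","dns":{"type":"query","rrname":"magic-desktop.com"}}
{"timestamp":"2022-05-21T00:31:00.000000+0000","event_type":"flow","src_ip":"10.0.0.9"}
"""


def demo():
    """Run the clustered detection over the constructed sample."""
    return cluster_hits(parse_eve_dns(SAMPLE_EVE.splitlines()))


if __name__ == "__main__":
    print("\n".join(suricata_dns_rules(CONFIG_DOMAINS)[:3]))
    print(demo())
```

The rules are generated as alerts, not drops, for the reason given above the list: the config contains decoys that are ordinary sites, so a block on every entry will break legitimate traffic. The clustering threshold (three distinct config domains from one host within five minutes) is an assumed starting point to tune against your own DNS volume; the ET signature "FormBook CnC Checkin (GET)" that fired in the behavioral task remains the higher-confidence signal because it matches the HTTP check-in itself.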
Targets

Target:  yeni sipari? sorgulama.exe  (Turkish, "new order inquiry"; the ? is a non-ASCII character the report did not render)
Size:    813KB
MD5:     645876569da3612ca1ccef31d94c348d
SHA1:    6af515a9cd19b313223e52d0ab20b4405b184820
SHA256:  6d176caf6c21bdc47aa0ee2e6e42f37d2f4c4a810af40dd7343da25cfd306bd5
SHA512:  d002461b4c0c87cfffdecde830b3bd1b319fff7866a0b15d07ed6e342f60f657f396a15a38e01c70216b9ea20f02f39797449f97ac3a80ed4421d091074b6b84

Note: this executable (813KB, SHA256 6d176caf...) is a different object from the submitted file in General (620KB, SHA256 930ce81b...). The report does not state how the executable was obtained from the submission, so track both hashes as indicators.

Network signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)  (fired twice in the behavioral task)

Signatures
Formbook Payload
Adds policy Run key to start application
Adds Run key to start application
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext
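The two persistence signatures above name registry locations an analyst can check offline on a suspect host or a forensic image: the per-user Run key and the Explorer policy Run key, which is less commonly inspected but is started by Explorer in the same way. The script below is an added example, not the sandbox's own code or a Formbook-specific tool: it parses a `reg export` (.reg) dump and flags autostart entries in either location whose command points into a user-writable directory, which is where a dropper like this one typically copies itself. The .reg text, the value names ("Update", "1"), the paths under the "victim" profile and the SUSPICIOUS_DIRS list are constructed for the demo, not taken from the report. It does not cover the SetThreadContext or geofence signatures, which are runtime behaviors rather than artifacts left in the registry.

```python
"""Flag suspicious autostart entries in a .reg export of the Run and policy Run keys.

Added example (not from the sandbox report). SAMPLE_REG is constructed; SUSPICIOUS_DIRS
is an assumed list of directories a legitimate autostart rarely lives in.
"""

# Relative key paths (lower-case) named by the report's two persistence signatures.
RUN_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\policies\explorer\run",
)

# Directories a dropper almost always uses and a vendor installer almost never does.
SUSPICIOUS_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                   "\\users\\public\\", "\\downloads\\")


def parse_reg(text):
    """Yield (key, value_name, data) for REG_SZ values in a 'reg export' dump.

    Handles the .reg escaping for string data: \\\\ -> \\ and \\" -> ". Binary and
    DWORD values (hex:, dword:) are skipped since autostart commands are strings.
    """
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line:
            name, _, data = line.partition("=")
            if data.startswith('"'):
                data = data.strip('"').replace(r'\"', '"').replace(r'\\', '\\')
                yield key, name.strip('"'), data


def triage(reg_text):
    """Return findings for values under the Run / policy Run keys that look planted."""
    findings = []
    for key, name, data in parse_reg(reg_text):
        # Drop the hive prefix (HKEY_CURRENT_USER\...) and compare the relative path.
        tail = key.split("\\", 1)[1].lower() if "\\" in key else ""
        if tail not in RUN_KEYS:
            continue
        flags = []
        if "policies\\explorer\\run" in tail:
            flags.append("policy-run-key")      # rarely used legitimately
        if any(d in data.lower() for d in SUSPICIOUS_DIRS):
            flags.append("user-writable-path")  # dropper-style install location
        if flags:
            findings.append({"key": key, "name": name, "data": data, "flags": flags})
    return findings


# Constructed .reg export: one benign vendor entry, one planted Run value, one planted
# policy Run value, plus an unrelated binary value that the parser must ignore.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Update"="C:\\Users\\victim\\AppData\\Roaming\\winsvc\\update.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"1"="C:\\Users\\victim\\AppData\\Local\\Temp\\subfolder\\app.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
"""


def demo():
    """Triage the constructed export."""
    return triage(SAMPLE_REG)


if __name__ == "__main__":
    for f in demo():
        print(f["flags"], f["key"], f["name"], "->", f["data"])
```

To produce real input, export both hives on the host (`reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg`, and the same for HKLM and for the Policies\Explorer\Run path) and feed the text to `triage`. The user-writable-path heuristic is deliberately simple; the value of the check is that it covers the policy Run key, which is what the second signature refers to and which is easy to miss when only the ordinary Run keys are reviewed.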