General
- Target: f466700a7f45a812f832c3d869bd6453aef3a292f3e2cccc39b18e20a3e05203
- Size: 570KB
- Sample: 220521-b945dagefj
- MD5: 197120fbf7a74115cccd479fda8ea4ab
- SHA1: 7707a427178a01fa1b3aeccee3e67b912347cdcc
- SHA256: f466700a7f45a812f832c3d869bd6453aef3a292f3e2cccc39b18e20a3e05203
- SHA512: a1fb4ba77783f3ac1899108f993d2adf4e8442d3d0fe1de773bd73c1a9ed994b296c98891763d135364529c8bb9544ee34fd0a6191239b17c44fb0bafe00ddae
Static task: static1
Behavioral task: behavioral1
- Sample: yeni sipari?.exe
- Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
kvsz
Targets
- Target: yeni sipari?.exe
- Size: 719KB
- MD5: 2209b47aae001d2bd001bfdefc337f68
- SHA1: bb4984f3c1f8780069ec094b93668e9c45d65187
- SHA256: ace900e217f27e8f699718623c3c2dcc7bf91337ff0ff91fc5a365a68fd7ba65
- SHA512: d206f7aa864fce2e4592842fbd50b05ef937d756a1078884e6c19cf65adfe61e205b7e1a4f6350a503a323cda216036b7301919e7ec70aa6840edc2bed8b8ea0
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Formbook Payload
- Adds policy Run key to start application
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext