General
-
Target
1d65e497a5fd1c02c83a04fba5cd07130ac17bda7b476ee70a0bf8202eed4be5
-
Size
274KB
-
Sample
220521-bkrsracab6
-
MD5
18a6ac01533cce7b53a04314810349c1
-
SHA1
76024516e9c136bc0639e0f2f0e337940496c46c
-
SHA256
1d65e497a5fd1c02c83a04fba5cd07130ac17bda7b476ee70a0bf8202eed4be5
-
SHA512
94aad85c5df3b9bfccac5f6a089ff859fbd42e593461009e5714963313974216e9333478fe4eacc45636ecfb3559f9f8d74dac2f7ef6c0db1a035f28ce7f09c9
Static task
static1
Behavioral task
behavioral1
Sample
muestras de productos.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
n7ak
audereventur.com
huro14.com
wwwjinsha155.com
antiquevendor.com
samuraisoulfood.net
traffic4updates.download
hypersarv.com
rapport-happy-wedding.com
rokutechnosupport.online
allworljob.com
hanaleedossmann.com
kauai-marathon.com
bepbosch.com
kangen-international.com
zoneshopemenowz.com
belviderewrestling.com
ipllink.com
sellingforcreators.com
wwwswty6655.com
qtumboa.com
bazarmoney.net
librosdecienciaficcion.com
shopmomsthebomb.com
vanjacob.com
tgyaa.com
theporncollective.net
hydrabadproperties.com
brindesecologicos.com
sayagayrimenkul.net
4btoken.com
shycedu.com
overall789.top
maison-pierre-bayle.com
elitemediamasters.com
sharmasfabrics.com
hoshamp.com
myultimateleadgenerator.com
office4u.info
thaimart1.com
ultimatewindowusa.com
twoblazesartworks.com
airteloffer.com
shoupaizhao.com
741dakotadr.info
books4arab.net
artedelcioccolato.biz
tjqcu.info
teccoop.net
maturebridesdressguide.com
excelcapfunding.com
bitcoinak.com
profileorderflow.com
unbelievabowboutique.com
midlandshomesolutionsltd.com
healthywithhook.com
stirlingpiper.com
manfast.online
arikorin.com
texastrustedinsurance.com
moodandmystery.com
yh77808.com
s-immotanger.com
runzexd.com
meteoannecy.net
joomlas123.info
Targets
-
-
Target
muestras de productos.exe
-
Size
544KB
-
MD5
085e4e06334e8dbab10d45a5dd96c72e
-
SHA1
b665738b4fb841dd02699df85f6ba4cb7b2ad2b9
-
SHA256
9b9931b133a5a15ee73de2ffd8b6f2f7b80e834cf4a3cf17f030c479b21abf9b
-
SHA512
c9b5b9ecffc09a2f11a866c6a0264e3687495bda69c4a728a113535b1f9fa008f944eb4d1a50601423ccdb8e329ea6ece9db26e108268efbad1537de6976057a
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-