General
Target: 471c2bddb5ae0d5439d8f6daf2ce16ea2fcc20a114fae4a82075b7c76433d11c
Size: 472KB
Sample: 220521-bvv8xsced9
MD5: 44deb1be9aef7d842e97af32f57efd46
SHA1: 402561f86dc73f26a5e5ab9424b6f852d3e62c19
SHA256: 471c2bddb5ae0d5439d8f6daf2ce16ea2fcc20a114fae4a82075b7c76433d11c
SHA512: d84f334543b14caca96cac74439c43d3f725c6fb93881207c7bdb032e2508f818a191090d130ee1043d4b4fd2e787618435f82ee35115867428e0741034a1ebb
Static task: static1
Behavioral task: behavioral1
Sample: doc56263736473648 PDF.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
p07
sgemlakdunyasi.net
xn--emhendis-75a.net
apptracker.tech
bb4h.com
izzyesq.com
adsum.digital
phylliselago.com
sellyourlistings.com
tjtdyy.com
w5ydhp.info
neurolat.info
sosecretoccultandconcealed.com
eastmount.biz
vonhiemer.com
chelseatowercondos.com
intarconnect.com
someoneask.com
knightsnorth.com
tthxlxs.com
darakandassociates.com
nfcasia.com
comprartickets.futbol
parangon-patrimoine.com
skeletnclique.com
kingdomfirstcollege-hbiu.biz
skillsbro.com
beauxproverbes.com
emioil.net
fangbianyu.com
oeclx.info
buildboks.com
worldofphotos.com
astcshop.com
digital-today-news.com
devfunking.com
thewrappiez.com
swissspaaward.net
casinos-mansion.net
3z15.com
cy1088.com
safehome-smarthome.com
miesblogi.com
hh9995.com
memphis-restaurant.com
koreansoundscape.com
statelyhomes4sale.com
ystlu.red
wethescraps.com
bigger.plus
freddiebracelet.com
bj-driver.com
gd23678.com
mountainapple.company
visco-tec.com
whapz.com
valenschool.com
lehu31.com
tsugaikepalece.com
exclusivewine.store
adatadream.com
4089999999.com
liangshihonggan.com
refurbid.com
patriciacrispino.com
sandrxy.com
Targets
Target: doc56263736473648 PDF.exe
Size: 411KB
MD5: fd47ef87181d31ba882b90208ff24f98
SHA1: ca5160315f23ed85b065656a991d879383434d2a
SHA256: cc02c528f1eccf6891f5c97815c5c97560ca1c92849e35669bf061cb55e6289b
SHA512: 309819f9e0ce39a087dd3536bb931561122f5f4b996e1d570584af2d7c40447bbb8858462e530f5d2149ced4ff7b07d10637ce595bdb229a5d56677951a0a952
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Adds policy Run key to start application
Deletes itself
Suspicious use of SetThreadContext