General
Target: eb45c875c40e2da4a282032e52435a2f53225ee6f05e2ec109d246753151105e
Size: 274KB
Sample: 220521-ccc53agfer
MD5: 41950b2f7533691ef44ddf93138e4869
SHA1: 344c42ea10cb7192182d876054aec658a9dc0481
SHA256: eb45c875c40e2da4a282032e52435a2f53225ee6f05e2ec109d246753151105e
SHA512: 08c2737d2214f61e96fbcdce1648a36a48aef43cd3b45d8a1aaed00d218fcf25d4a8114b015f4506ff1caf48dc4d155923d8d804bd510fb353abb6476bb357ea
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order 77809 for acknowledgment.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
3.9
y22
hashafriyat.com
autoaccessorieshub.com
simelautomazioni.com
bulkappothecary.com
streaminglowcost.com
pixelraps.com
yyy9928.com
pigmansion.net
keyunix.com
bjbangshou.com
mindfulrace.com
fibuv.life
cambridgedesignpartnership.com
plumbeus.com
somebodydial911.com
atrishq.com
circcountry.com
ellenandjames.info
jeeprevivalstore.com
thetouchofjo.com
mafiarpg.net
friendlyticketsthailand.com
thenakedcurry.com
homylandriversidequan2.net
gastrojaviercervantes.com
edingtonresearch.com
leipzigtech.com
utragroup.com
elhayedoleondormido.com
introconnex.com
selectrucksofnashville.net
sunflowercelebrations.com
nightravenfilms.com
tentinytoessiliconenursery.com
www124588.com
tuimagenia.com
mychadaha.com
strategy.gold
fallbrookfarmboys.com
itsanatomic.com
tachra-seo.com
any.ltd
daugoihathuo.com
954964.com
hisrb.com
digitalassetsroundtable.com
dsallneartwhe.win
opencoffeenetwork.com
baloneymaloney.com
acnespray.net
quanningdq.net
prefre.com
agenslots.net
eqpaenxfsf.info
luckysevencasinoparties.com
befitbehealthybeyou.com
plus-academy.net
haiygt.com
etonnefragrances.com
hochbegabungstestung.online
4008825728.com
tracthomesmorenovalley.com
iptvitaliaondemand.com
allaboutcopd.com
slacktracks.info
Targets
Target: Purchase Order 77809 for acknowledgment.exe
Size: 329KB
MD5: aa1570f6ee9ebb50240940d88401c8e4
SHA1: b71b7448f02c4f0214d554ff5745671d24707e41
SHA256: 3f6ad3dcf88dadcb9c392ca1aac7c3bc063f22c56e5a1f5c568701da6063f950
SHA512: dad0474addd1dc526068155ba5450a870c35da3fd69c51fc7ef595656a707275033b8a646f48f6ce0331167668f61909312c1ff6dee386345ebff26879b46164
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted at runtime.
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext