General
- Target: 26d664ca784fb1e580452f247fcf9fa04520702309d3af5ff0a0fc222fb625eb
- Size: 425KB
- Sample: 220521-dt5r3sgch9
- MD5: 1edc7d410e58578bc8989ebc17560045
- SHA1: 2a82e336d821a1af9da94684a777ee4c13e4c406
- SHA256: 26d664ca784fb1e580452f247fcf9fa04520702309d3af5ff0a0fc222fb625eb
- SHA512: 4035643dcb52eebb60f08bbecc91ea4b040563e3385354e07d3d98861bf274242297550b82c5db3ae650ab2e7db08569d39e44ba7c01047b59e57182b8f22c7c

Static task: static1
Behavioral task: behavioral1
Sample: orden de compra.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
kvsz
Targets
- Target: orden de compra.exe
- Size: 519KB
- MD5: f54815ffc4db44ce06b3012f9d014f31
- SHA1: 2f0939b658ef735025b0c76c20c0101003076529
- SHA256: e3262e18e77da24473b5af2117f10a3121c8ed1a832c6e1b0f5a8f0d7e5fecda
- SHA512: 76c1152640c367b4cefae86ec8c2dabc434659e29c7bcddc3a2af37c39fcf445a746021204a695f6b739d89a145331a28348cda4060c9668e2224d795505b9c7
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Formbook Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext