General
Target: 241937fdff6aeae4c5a60bc707c331504d4b5c8df13b97ddd2e8da2107978f0e
Size: 355KB
Sample: 220521-dvtq7sbdcj
MD5: 5bda56bf95a4cc0997bdb896cc581b65
SHA1: aa2adf240ec8373f129ee4c090c03bf254325b91
SHA256: 241937fdff6aeae4c5a60bc707c331504d4b5c8df13b97ddd2e8da2107978f0e
SHA512: ddb30ab743f2cb4bbfe71afe83593548c18b65c9403d0be83341abc29008f27225b054b3f8051beb58d3996560cc283fe914e89fb16aa54504180b8400e9036a
Static task: static1
Behavioral task: behavioral1
Sample: PI 46788393.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: q5e
Decoy domains:
2177.ltd
thanxiety.com
max-width.com
fixti.net
mostmaj.com
mobilteknolojiuzmani.com
historyannals.com
wheelchairmotion.com
mossandmoonstonestudio.com
kastellifournis.com
axokey.net
peekl.com
metsteeshirt.com
abcfinancial-inc.com
btxrsp.com
amydh.com
ccoauthority.com
lumacorretora.com
kimfelixrealtor.com
iconext.biz
giftstgg.com
imonsanto.com
invoicefor.com
qfhxlw.com
wsykyy.com
gladius.network
peliculaslatino.online
timookflour.com
gxkuangjian.com
utvklj.men
rabota-v-avon.online
sheashealingway.com
thoitrangaoda.com
rytechweb.com
circuit69.com
crowd-design.biz
carosiandrhee.com
778d88.com
calvinkl.com
cjkit.com
jgkwhgxe.com
sanitascuadromedico.com
mellorangello.com
whiteinnocence.com
medtechdesignstudio.net
nurturingskin.com
guardyourweb.net
juw2017.com
jnheroes.com
damicosoftwaresystems.com
gesband.com
onwardsandupwards.info
gopropackaging.com
centerforaunts.com
sarrahshewdesign.com
intelligentcoach.net
iasisf.agency
products-news.com
calvinspring.com
100zan.site
9mahina.com
saleaustralianboots.com
floatinginfotech.com
calcinoneweek.com
yofdyk.com
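The domain list above is what a responder would turn into a hunt, with one caveat: Formbook pads its config with decoy domains (real third-party sites it contacts to blend in), so a DNS lookup of one of them is weak evidence on its own, while a GET whose first path segment is the campaign value with Formbook's query-string check-in is strong. The script below is an added example, not part of this report or of Triage; it assumes that the "q5e" value listed after the version is the URI path segment of the check-in, and it runs over constructed log lines in an invented "timestamp source kind value" format. A subset of the extracted domains is enough to show the logic.

```python
"""Hunt a DNS/proxy log for the domains in the Formbook config extracted above.

Added example, not part of the Triage report.  The log lines are constructed.
Assumptions: the value "q5e" that Triage lists after the version is the URI
path segment Formbook uses in its GET check-in, and the log format below.
"""
from urllib.parse import urlsplit

# Domains copied from the extracted config (a subset is enough to show the logic).
FORMBOOK_DOMAINS = frozenset({
    "2177.ltd", "thanxiety.com", "max-width.com", "fixti.net", "mostmaj.com",
    "abcfinancial-inc.com", "gladius.network", "peliculaslatino.online", "yofdyk.com",
})
CAMPAIGN_PATH = "q5e"  # assumption: the Formbook check-in URI is /<campaign>/?...

# Constructed log lines: "<ts> <src-ip> <kind> <value> [<status>]"
SAMPLE_LOG = """\
2022-05-21T10:03:11Z 10.0.0.12 dns www.thanxiety.com
2022-05-21T10:03:12Z 10.0.0.12 http http://www.thanxiety.com/q5e/?Zn=nY7w&id=3f1 200
2022-05-21T10:03:15Z 10.0.0.12 dns www.abcfinancial-inc.com.
2022-05-21T10:04:02Z 10.0.0.40 http https://example.com/q5e/ 200
2022-05-21T10:05:30Z 10.0.0.12 dns gladius.network
2022-05-21T10:05:31Z 10.0.0.12 http http://www.gladius.network/q5e/?Yf=QwErTy&sql=1 200
2022-05-21T10:06:00Z 10.0.0.51 dns mail.corp.example
"""


def match_domain(host, iocs=FORMBOOK_DOMAINS):
    """Return the IOC that host equals or is a subdomain of, else None.

    Case-insensitive; a trailing dot (FQDN form in DNS logs) is ignored;
    a bare TLD never matches, so "ltd" does not hit on "2177.ltd".
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def classify(line):
    """Parse one constructed log line; return a hit dict or None."""
    parts = line.split()
    if len(parts) < 4:
        return None
    ts, src, kind, value = parts[:4]
    if kind == "http":
        url = urlsplit(value)
        host = url.hostname or ""
        segments = [p for p in url.path.split("/") if p]
        checkin = bool(segments) and segments[0] == CAMPAIGN_PATH
    else:
        host, checkin = value, False
    ioc = match_domain(host)
    if ioc is None:
        return None
    # A config domain seen only in DNS is weak: most entries are decoys that
    # users may visit legitimately.  The campaign path on a GET to one of
    # them is the check-in pattern and rates high.
    level = "high" if checkin else "low"
    return {"ts": ts, "src": src, "host": host, "ioc": ioc, "level": level}


def hunt(log_text):
    """All hits, in log order."""
    return [h for h in (classify(l) for l in log_text.splitlines()) if h]


def hosts_with_checkin(log_text):
    """Source IPs that performed the campaign-path GET to a config domain."""
    return sorted({h["src"] for h in hunt(log_text) if h["level"] == "high"})


if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(f'{h["ts"]} {h["src"]} {h["level"]:4} {h["host"]} -> {h["ioc"]}')
    print("check-in sources:", hosts_with_checkin(SAMPLE_LOG))
```

On the constructed log this reports five hits, of which only the two GETs with the `/q5e/` path from 10.0.0.12 rate high; the `/q5e/` request to a domain that is not in the config does not match at all, and the lone DNS lookups of config domains stay low so that decoy traffic from ordinary browsing is not escalated by itself.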
Targets
Target: PI 46788393.exe
Size: 530KB
MD5: 1365ef23d6453fbc22a28ee56bec858b
SHA1: c3f1def4b65bc427e791d2e285beadf5b0dfc654
SHA256: 773fbca16ec67d4820654e39aaa65645f8608a8f7186f12b5ed62498ff1334c6
SHA512: 35aff0f520f713c53420644f3fb92e6037614691934939781299e1350dd290b92ed4c7d1b8e7aa4ac164b9d1ffbde98838740e0ec4ce2798b93b45d44c2b6592
Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext