General
-
Target
ac23d509999ba6aeffbf49a41e104a7e876872740dbf24ccff54f5bc36ee3eb6
-
Size
14KB
-
Sample
220521-j2gywaecdm
-
MD5
9f031a71a8f4dedaff85f360942cd0b7
-
SHA1
337686652fc8aa067691eb88e00734b477ca86e5
-
SHA256
ac23d509999ba6aeffbf49a41e104a7e876872740dbf24ccff54f5bc36ee3eb6
-
SHA512
72ee3d4db1507147eeba417f0e69063a123139d9f1f2216927b006c2aa32f9aa0840ee45d74afb8b6c47b104949a9d7d05117e8a7b88bad478fb45521862b42d
Static task
static1
Malware Config
Extracted
formbook
4.1
s4s9
qianyuandianshang.com
bernardklein.com
slhomeservices.com
findasaas.com
janellelancaster.xyz
umkpro.site
nr6949.online
mersquare.club
lanariproperties.com
3rdeyefocused.com
giftexpress8260.xyz
hilleleven.xyz
beajod.com
kosazs.online
ishare.team
mb314.com
xjjinxingda.com
ayekooprojectamazing.com
ballsybanter.com
todayshoppingbd.com
recomdietvl.store
zakladmalarstwa.com
bj-ours.com
hubwealth.com
watchmyreview.com
sallyliddicoat.com
eventiliveitalia.com
worldchannelconference.com
suciptahadi.online
ksht5566.com
topfastcashsystemwebshop.com
eyeiieyetv.com
thewarchannel.net
valorousgamers.com
vip01ytre.xyz
szec.tech
233365.xyz
specialroute.net
eugenachase.com
pikoulas.com
shorter-658423.site
win8856.com
burleyqpersianscom.com
sidetrackedmusic.com
chungketvinhomesspotlight.com
qiange.site
motconsultant.com
yottatic.com
usaprostatecenter.com
putovanjazasve.com
kozykornerpizza.com
hainpore.com
52appmj.com
albanyskylights.com
keropy.xyz
infosecrety.xyz
ethlogo.com
labohack.com
veridiumid.xyz
gaylebong.com
rsmegastore.com
janschlesinger.com
cshong-ya.com
shopevix.com
preciousssllc.net
Targets
-
-
Target
ac23d509999ba6aeffbf49a41e104a7e876872740dbf24ccff54f5bc36ee3eb6
-
Size
14KB
-
MD5
9f031a71a8f4dedaff85f360942cd0b7
-
SHA1
337686652fc8aa067691eb88e00734b477ca86e5
-
SHA256
ac23d509999ba6aeffbf49a41e104a7e876872740dbf24ccff54f5bc36ee3eb6
-
SHA512
72ee3d4db1507147eeba417f0e69063a123139d9f1f2216927b006c2aa32f9aa0840ee45d74afb8b6c47b104949a9d7d05117e8a7b88bad478fb45521862b42d
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Suspicious use of SetThreadContext
-