General

Target: c02f34dcea29e7a3b6901cd3e745fbae79e2ab45db6ba28569a5d3994aedde8c
Size: 578KB
Sample: 220521-m55qwsdba5
MD5: 7272844cb5b923da6bd4388d739d0b9e
SHA1: 7d44b3242ed77346482f0ab5a7925f527500b413
SHA256: c02f34dcea29e7a3b6901cd3e745fbae79e2ab45db6ba28569a5d3994aedde8c
SHA512: 3fe393056acc933b2f9b8da0452fb01c36aa6957ee42fc781293de0c63bdd74c028a552ebc7720e67305d75d6078a2583cb4c2ae1c4648fe503c83e316999c8a

Static task: static1
Behavioral task: behavioral1
Sample: Invo458_Signed_.exe
Resource: win7-20220414-en

Malware Config

Extracted
- formbook
- 4.1
- n8x
Targets

Target: Invo458_Signed_.exe
Size: 1.1MB
MD5: 386a65d6fb3e5a13d690c20474e6c342
SHA1: 3084a0d410b1b1ee0bc5a5308a8f65124b574e56
SHA256: 4a5f33710715ce37a266d1848db4599be8ede6fe3f1070aa49b3bcca352f3f46
SHA512: e571e72487787b174c862a26ce03a3736b9f56361e091684f991821924eee2a3941664164f2714ba078cc78e178d69491610d076147f940415ca6027b8f6cea9

- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Formbook Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext