General
Target: 24528e0947a93e6d8d930a10c2027ae6c5b9505a4267c2c4b2b96e7fcf2a68b8
Size: 1.2MB
Sample: 220521-m9dszadce7
MD5: 1860f23b3a2224d9d70f8876b1b8ac78
SHA1: 49d4979a90323c4534e164fd0f68e571c923eb9e
SHA256: 24528e0947a93e6d8d930a10c2027ae6c5b9505a4267c2c4b2b96e7fcf2a68b8
SHA512: 54bbc0674466b12e67ba46e12ef97174e483bf136517682a7aeb4ab308d85caabda7a3b6118f2d2a066faff7d1be455210eed4fb914977591d04ba0dfc05a99e
Static task: static1
Behavioral task: behavioral1
Sample: 01986720202889_pdf.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: formbook
Version: 3.9
Campaign: gm1
C2 domains:
802477.com
theclippersofficial.com
mysticadventuresails.com
joshkaeding.com
www4915a.com
nicolasdumasxiii.com
transbagasputra.com
motherdaughter.date
truflorawellness.com
ff1q.com
elettronicasmart.com
obtes.com
pfamkyr.com
9ycpbr.info
gtitdunproductions.com
mashreviews.com
methvenonthemove.com
jinshavip38.com
theedgebizconnect.com
jessandalextietheknot.com
vallleylnd.net
w.mom
formacionparaelexito.com
robinruhmel.com
annualtransmission.technology
nazitube.com
executiveliontamer.com
411hotwire.com
sendoba.com
xnyppw.com
un4mo.com
pepper.guide
novaeramotoboysportoalegre.com
limper.net
cloudyans.com
atomicyou.com
jentang.com
hylg6.com
laperamordidablog.com
mannionexpertseniorcare.com
009cb.com
azasianow.com
intera-canada.com
bladexpo.com
affinityhomeinspectionpro.com
purrfectlynoble.com
3lmktgsvc.com
babooneh.net
sholarshyp.com
startboostcapital.com
pamhomedaycare.com
homecoralgables.com
q83pfq.biz
100fwq.com
incmint.com
k-pagador.com
stoxcrypto.com
sketchgecko.com
myweddingbeautiful.com
playgroundcareer.com
suite5digital.com
fristcreditunion.com
astonfly.info
www750456.com
glamotd.com
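The extracted config above is the most actionable artifact in this report. FormBook configs carry a list of domains of which, by the family's design, only one is the live C2 and the rest are decoys the bot also contacts, and the bot prefixes the configured host with www. when it checks in; the report does not say which entry is live, so the whole list should be treated as indicators. The following is an added example, not part of the sandbox output, that hunts for these domains in DNS query logs: it matches on label boundaries (so www.802477.com and cdn.pepper.guide hit, notobtes.com does not) and flags clients that resolved several listed domains, which is the stronger FormBook signal because of the decoy behaviour. Only a subset of the list is embedded, and the log format and log lines are constructed for illustration.

```python
"""Hunt for the extracted FormBook C2/decoy domains in DNS query logs.

Added example for this report, not part of the sandbox output. The domain
set below is a subset copied from the Malware Config section; the log
format and the sample log lines are constructed for illustration.
"""
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Subset of the extracted config list; copy the full list from the report.
FORMBOOK_DOMAINS: Set[str] = {
    "802477.com", "theclippersofficial.com", "obtes.com", "w.mom",
    "pepper.guide", "q83pfq.biz", "9ycpbr.info", "glamotd.com",
}


def normalise(qname: str) -> str:
    """Lower-case and strip the trailing dot resolvers often append."""
    return qname.strip().lower().rstrip(".")


def matched_domain(qname: str, iocs: Set[str] = FORMBOOK_DOMAINS) -> Optional[str]:
    """Return the IOC that qname equals or is a subdomain of, else None.

    FormBook contacts www.<configured host>, so a plain equality check
    would miss real hits; matching is done per label so that a lookalike
    such as notobtes.com does not match obtes.com.
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


# Constructed DNS query log: timestamp, client IP, query name, query type.
SAMPLE_LOG = """\
2022-05-21T13:01:02Z 10.0.0.5 www.802477.com A
2022-05-21T13:01:05Z 10.0.0.5 www.obtes.com A
2022-05-21T13:01:09Z 10.0.0.7 notobtes.com A
2022-05-21T13:01:12Z 10.0.0.9 cdn.pepper.guide. AAAA
2022-05-21T13:01:20Z 10.0.0.5 example.com A
"""


def scan_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (client, queried name, matched IOC) for every log line that hits."""
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or blank line in the constructed format
        _ts, client, qname, _qtype = parts[:4]
        ioc = matched_domain(qname)
        if ioc is not None:
            hits.append((client, normalise(qname), ioc))
    return hits


def suspicious_clients(hits: Iterable[Tuple[str, str, str]], min_distinct: int = 2) -> List[str]:
    """Clients that resolved at least min_distinct different listed domains.

    FormBook beacons to the live C2 and to decoys from the same list, so one
    host touching several entries is a much stronger signal than a single
    lookup of a (possibly benign, parked) decoy domain.
    """
    seen: Dict[str, Set[str]] = {}
    for client, _qname, ioc in hits:
        seen.setdefault(client, set()).add(ioc)
    return sorted(c for c, iocs in seen.items() if len(iocs) >= min_distinct)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG.splitlines())
    for client, qname, ioc in found:
        print(f"{client} queried {qname} (matches {ioc})")
    print("clients with multiple hits:", suspicious_clients(found))
```

Feed real resolver or Zeek dns.log lines through a small adapter that yields (timestamp, client, qname, qtype) tuples in the same order; the matching and clustering logic does not depend on the log source.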
Targets

Target: 01986720202889_pdf.exe
Size: 1.7MB
MD5: 0cf7425537bc937147f3e4bb528c0c4d
SHA1: 2c57146f7279944ef474beaf700efc36a438cbe8
SHA256: 72e42f1672249fbd4db20c17d5e29fba5838ef08cf0f6964d84ffc434ea46f27
SHA512: 1cffc1cb1752d04a9422b723141373b804b3012b6e1c54b49ab6e25ad5b11cebfe522a11c86e44e27af97b21b96c1fc766c99f68b4afdef75fef4d82b38995c7

suricata: ET MALWARE FormBook CnC Checkin (GET) (2 alerts)

Signatures
Formbook Payload
Adds Run key to start application
Suspicious use of SetThreadContext