General

Target: 53b80c327454a3fb82a2b1b5eac96eeaaf91b3b309fdb4d8a3c8cc53d8ea1696
Size: 230KB
Sample: 220521-mmhhmsfbej
MD5: 5b4e54d72fa3294227f9591e2cfacd89
SHA1: b6dd402d0ff58f6a04fd733d1c9fe0daca3d5130
SHA256: 53b80c327454a3fb82a2b1b5eac96eeaaf91b3b309fdb4d8a3c8cc53d8ea1696
SHA512: 2b6b95d90f501469a99a78807964c378aeb28a9c49495de578fc9f3cfb2cf9cb82ada96c674dbe585571e640d19bf29a7f7338e834913de3e18c8a3ed61c1e3d
Static task: static1
Behavioral task: behavioral1
Sample: Payment_Advice Ref_G51433980115....pdf.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
3.9
ms20
ginayjasive.net
unique-bruce.com
marcaschingonas.net
artandartistonline.com
creditcubeaa.com
jnlunwen.com
adriangallop.com
gardenmebydjnui.com
dakdekker-utrecht.com
padmatrades.com
esseconsultingllc.com
heisenlintec.com
110431.info
posseco.com
team10hoodies.site
sciencewtour.com
paigeslife.com
idea-asesoria.com
crypotland.com
862575zk.info
lowerpowerbill-hvac.com
hrdrckni.com
dfhgh.com
abrokenmind.com
unijewelsllc.com
blog88.net
loteriasquinielas.com
unitedkingdomelectric.com
xyf677.com
protonsmasher.com
humblepiemaker.com
meijiaibao.com
ftsfinishingtouchsolutions.com
hqrcmodel.com
customrenovations-pa.com
yasuo0927.com
sigmasterconsulting.com
mycryptodex.com
cocoskyline.com
balloon-china.net
handbag.ink
wwwjiudu9.com
ballstothewalls.net
tankseam.com
anitbusinessclassairfareok.live
cascstech.com
411south9thstreet.info
forestfxdc.com
ihtilalmetin2.com
northernpharma.com
rntarafashionwear.com
mejoresofertasdehoy.com
portovaapartments.com
mclufpendryszlosent.win
theradmall.com
mcsosmedia.com
ordershoesth.com
humanecareer.com
093bch.info
drericortiz.com
bahankuemurah.com
thestoryofpines.com
hebeilanyan.net
suavidadeelite.com
regulars5.com
Targets

Target: Payment_Advice Ref_G51433980115....pdf.exe
Size: 311KB
MD5: 419fdeab3e062e913643037511fee430
SHA1: 3c11f5dfdae578ab1e7afb87f05acf9477ee28cf
SHA256: 76d45ff13654988781428940dab2825a158e15679d0f1faf9615b76a2cbff4a7
SHA512: 2c108227bb344a271dec116251796049927a4df8fa7716d1b33a20df42fe840ac4f684e3af42bb64944d882bac06c90fd2217d6052cb3523667b3b3529c29a86

- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext