General
Target: 8b32a471a19e78217ba94e7663567c3b1b1d86090df2febfb00bc2bd76b1e66a
Size: 465KB
Sample: 220521-mzqpsafhbp
MD5: 8db140849e3c8d9b212671d45702096c
SHA1: 5989545dc4ba8c40d450948ad68cbad820a4b2bd
SHA256: 8b32a471a19e78217ba94e7663567c3b1b1d86090df2febfb00bc2bd76b1e66a
SHA512: f565d6e1bb09b2213c8f8770e89fc8f1527bc87c0a1f674e384061ce810a7527c53714ca70c06871369497b6e0cbd508e49212cb7791393ce2f77e042935c864
Static task: static1
Behavioral task: behavioral1
Sample: stud.exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook 4.1 asa2
Targets
Target: stud.exe
Size: 755KB
MD5: 6044900d66376321ad6f237d1b465ecc
SHA1: 0147db0583256b648680a54573b288f9167cca67
SHA256: 9099123ab27c467c09e2483339756820e29e6d8cd3d0346305d3873902e4af65
SHA512: 03fdca6dfdccc2a17abbfb42adfb5a89a5e2a32b9929efde0689da17967db406dd55f057162d2324605254c354130c8b73077fa9bc4bf23053878ffc5f239076
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Formbook Payload
Deletes itself
Adds Run key to start application
Suspicious use of SetThreadContext