General
-
Target
33b1ceb947efe5ce7ace07a0790c5ff4eaf7f2b0ee78dafdbeee51c7df1322ce
-
Size
358KB
-
Sample
220521-mzt27scgd4
-
MD5
0a7efc3b912f71df3e25b61c35307300
-
SHA1
9c2e0dff2a7e72b3371b7d9e3c0bcf852dbf1721
-
SHA256
33b1ceb947efe5ce7ace07a0790c5ff4eaf7f2b0ee78dafdbeee51c7df1322ce
-
SHA512
cacf415994cd083dc07ab97fd7213e4c5e1beeeba1b3f843b2ea1d0ce6bbf82e28917db148c7025d0667adc34f0a0df20970e6b2fe2967caa4b7aea1b74cc7a4
Static task
static1
Behavioral task
behavioral1
Sample
SWIFT DOZNAKA.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
n7ak
audereventur.com
huro14.com
wwwjinsha155.com
antiquevendor.com
samuraisoulfood.net
traffic4updates.download
hypersarv.com
rapport-happy-wedding.com
rokutechnosupport.online
allworljob.com
hanaleedossmann.com
kauai-marathon.com
bepbosch.com
kangen-international.com
zoneshopemenowz.com
belviderewrestling.com
ipllink.com
sellingforcreators.com
wwwswty6655.com
qtumboa.com
bazarmoney.net
librosdecienciaficcion.com
shopmomsthebomb.com
vanjacob.com
tgyaa.com
theporncollective.net
hydrabadproperties.com
brindesecologicos.com
sayagayrimenkul.net
4btoken.com
shycedu.com
overall789.top
maison-pierre-bayle.com
elitemediamasters.com
sharmasfabrics.com
hoshamp.com
myultimateleadgenerator.com
office4u.info
thaimart1.com
ultimatewindowusa.com
twoblazesartworks.com
airteloffer.com
shoupaizhao.com
741dakotadr.info
books4arab.net
artedelcioccolato.biz
tjqcu.info
teccoop.net
maturebridesdressguide.com
excelcapfunding.com
bitcoinak.com
profileorderflow.com
unbelievabowboutique.com
midlandshomesolutionsltd.com
healthywithhook.com
stirlingpiper.com
manfast.online
arikorin.com
texastrustedinsurance.com
moodandmystery.com
yh77808.com
s-immotanger.com
runzexd.com
meteoannecy.net
joomlas123.info
Targets
-
-
Target
SWIFT DOZNAKA.exe
-
Size
655KB
-
MD5
af3108b6d0e79e10bbe7d41569329242
-
SHA1
f0664a4be7c9b187f441912c342466d1f1952b84
-
SHA256
85774cdd3163c5e259dafdf67b113fd69fa8f4f9ebd964ee91b099bd2f58ebfd
-
SHA512
7f62d22804daf98e2ccc7176834f089aafca465e7f971eb9f64720003c57dc7888eddb709bfd4858ced5ab6261a220d610c47e0a6a31c2f296adb32ad5bc8180
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-