General
- Target: c9a5a3572037295e14ea5e0e62396c2e9a73e019bf8b36be502b8a8a9987ff4e
- Size: 477KB
- Sample: 220521-n5nytahggj
- MD5: 4ec5f3df2eccd02ea085acf551537037
- SHA1: d75a45b30b959583be3f3c98ffc4d0f0987f728e
- SHA256: c9a5a3572037295e14ea5e0e62396c2e9a73e019bf8b36be502b8a8a9987ff4e
- SHA512: 1cb22eb030036c3306e3f397b66e7ae2f68cca9e6e8248d2794a8544b8cece93150184a89a9949169e550de1d8942fed67d5ea1dacb115d72d818d24546ad500
Static task: static1
Behavioral task: behavioral1
- Sample: 5IYB3BCNQjj7wzj.exe
- Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
w5fk
wphi.net
variable-annuities.net
jp-payment-restriction.com
xcashmere.com
matematikmarketi.com
searchandresearch.ltd
strategyformat.com
redirecttacorp.com
smile-factory-misato.com
nrwlr.info
quboti.com
miraeevent.com
proroofclean.com
xmymzp.com
abettertoupgrade.win
sixstarscleaning.com
miyoqf.info
lightingiot.net
onlinesanalkart.biz
tapdndheros.com
ladazapchasti.info
fransweet.com
xjhrzp.com
rekatec.com
gahawuti85.win
gdprmydata.com
rss2blog.com
mentors36.com
07km.top
hotgirlswonderfulvideo.site
knucklechux.com
123tamiltv.com
soccer-perform.com
0x989903.net
kctrendstars.com
shanghailc.com
realestateinvestinga2z.com
neymassage.com
reputationhero.online
theninthzone.com
michigancommunitycollective.com
silk-knot-membership.com
jadewigginsdesign.com
isabellaclarkeofficial.com
musiconholdexperts.com
hotcam4.com
newdlmagicstore.com
womensfitnesshub.com
tuzivr.com
ainosansyanpoo.com
paniqinslo.com
steakhouseknutsford.com
97scly.com
altair2008.com
parissummerolympics2024.online
louisgray.net
hamxw.com
briccountries.net
daksma2019.com
wordsearchpuzzlefriends.com
fadianji36.com
dainikjagrannews.com
singletracks-bike-park.com
woodstoclkhyundai.com
regulars6.com
Targets
- Target: 5IYB3BCNQjj7wzj.exe
- Size: 530KB
- MD5: 5932bc473a03c2c6152c22df035ecbe0
- SHA1: dc7b021e39765c8959bb64957092122c11cdde0a
- SHA256: 30d3cf43f91eea8df889ee14337ca8067bc68521ff63184c679aac80b321bb75
- SHA512: ac8e916e90eba08f05f988bf7a11e5f3a4fc25c62c88bccdd4047707bd35962c5b5604ca6efadd5d2f16f5621e6dbd545230d2291ed2c5546450ec8153bddbba
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Formbook Payload
- Suspicious use of SetThreadContext