General
Target: 6854299d35256c70e4c3dfa2039ec9aa9ba2f381a9b73c21985cf2521f775e93
Size: 492KB
Sample: 220521-n6wp2sega5
MD5: 915d1197c4f0cf12c3d2ac74e518ad75
SHA1: 3a9926512dacc0b8ab20e64553d76df4cb935352
SHA256: 6854299d35256c70e4c3dfa2039ec9aa9ba2f381a9b73c21985cf2521f775e93
SHA512: 32265e46d55061b03ac6c15b45ed1cbc7c5e67db6ce839100a59d870f39263e3743c3252a61a0fd5f98cc208d83f79ccad008830927e26701bb215a9365fa0ce
Static task: static1
Behavioral task: behavioral1
Sample: Company Inquiry.exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook
Version: 4.1
Campaign: dth
Targets
Target: Company Inquiry.exe
Size: 729KB
MD5: 56d8fb3908247ecd23aec0911b5a1f18
SHA1: 7945e93f8d91479802ae223f66d11fe56728e690
SHA256: e2ee2925682e188e41fcdf49f0274de4617fc3a9506ad31be7a9caeca6d21b38
SHA512: e2b99d160b5a79a3ba029ebf243f5914b72f2701f3ec955850dfe9af411456ad2754113df8d06fb91e668c57426971c1c663f74f4bb991c3c5cb9c07693080cc
suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds policy Run key to start application
- Suspicious use of SetThreadContext