General
-
Target
3dc9242174f1a2ab0c304d3cc5ab7e5ba900f252c7f1bef2b408174517070869
-
Size
475KB
-
Sample
220521-n7czbsegb8
-
MD5
54549d3228636cd5c86aa545dc686080
-
SHA1
5c00881d94927c9fba937ef2d0d18775a9a9ec3f
-
SHA256
3dc9242174f1a2ab0c304d3cc5ab7e5ba900f252c7f1bef2b408174517070869
-
SHA512
0b1f5a26434361bbb1163f2127a0295941f0b9a74a09e968ca905c0bc2ec064792b6a42e4f7fad6c7bd38e1ce86fa6a30b5e717872a40766fb8f39cfcc3478f8
Static task
static1
Behavioral task
behavioral1
Sample
UVMXBIMGPQmBopg.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
cuzy
qytzkd.info
cotils.com
globl.photography
kczyzc.com
aero-re.com
k2centrope.com
gmiecuador.com
plufacile.com
hdlivewatchtv.com
hormongefluester.com
taarufnikah.com
extremecoffeemachine.info
jobnavio.com
duihuanji.com
buyspotifystreams.com
dieteticienneetgourmande.com
calmcreativebox.com
eletriking.com
shenzhu3.com
bis-en-ligne.com
myshirt76.com
recoverytalks.net
brextonlllc.business
ncdbls.com
tembostotes.com
cannacannolis.com
everythingboosted.com
luttrellauction.com
fourhourpage.com
citilinkgroup.com
thelittletankfactory.com
rlwlawoffice.com
maltepeescortr.com
myweekinatheism.com
vchalloween.com
dussokagi.com
bwfworldtour.com
air-nexus.com
repartitoer.services
yizaqni.com
hokokino.com
evabhika.com
scdnsw.com
keithdixonbuilding.net
nharry.com
youtubeviamp3.net
0o2twouser.men
theabov.com
couplesplaypen.com
prompt-sys2.info
bsecurityfoundationxl.win
us-visaesta.online
infocomunas.com
chittarupa.com
granitetowersequitygroup.com
jdbraytonauthor.com
aquidasl.com
empoweredo2.com
fbcsaintelizabeth.com
operaaeris.com
unicevent.com
soapfactor.com
bewalkintubsyes.live
enyrnax.com
ranges-xx.com
Targets
-
-
Target
UVMXBIMGPQmBopg.exe
-
Size
532KB
-
MD5
57922b4e9d102a43d8758ba35df42969
-
SHA1
b175108ff8d06e71ab8fc22e2504891b9838015b
-
SHA256
85915cd56ea653449e15a3f3b393bf398c1135221139d75a5349b51831413937
-
SHA512
028a8d9607ec8c638900b7e8988ff5ad91fbec9291a95862dcfdb0842d63128a6c0a67dff5ff99788a972f64bbb4a9cf67e9d3ad821a8f7c0675b730c448d653
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-