General
Target: 1e74c1eeb3cc1017ad88de0588d82b31fa5b0de826f4555a77bfbd9f1265dd8f
Size: 449KB
Sample: 220521-n7q6yshhfn
MD5: b11c74fe738b935d1d90ad905c5ac046
SHA1: 39f2051d20c1d8463e47da0ecbc9987c7c358128
SHA256: 1e74c1eeb3cc1017ad88de0588d82b31fa5b0de826f4555a77bfbd9f1265dd8f
SHA512: fc58a4b6e3b64bcb803a4fdff220c81275e263ee541641bc6d3f2e4321e8832437a502be4b2220db23fbd190209acd6dddfac3dded319e7a4a8abb7d883153e4
Static task: static1
Behavioral task: behavioral1
Sample: Anekgroup Order.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
xwqs
Targets
Target: Anekgroup Order.exe
Size: 494KB
MD5: d2b789d2c98252774eb46369c122e862
SHA1: 79d2d76e879bf3dc2d9c5c748fd69c37ce6c3d16
SHA256: 823f72e280224715e6d4f7fff1f792d2c372d7633eab250f2308325eff114c18
SHA512: e2b217874575571d6159a35cc34be34de1ba078e17084e5965f56e4066b6ca8acbdf1bf40d4a30ed5c21a0716baa308778af1fdd02f2bbd1d9f7a036d44b1d84
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Deletes itself
Adds Run key to start application
Suspicious use of SetThreadContext