General
Target: 0eecbd1cfe11cd04f57f0df6928d2a9994d8bdddf0e52dbc3629481fecb115ee
Size: 218KB
Sample: 220521-n7ywssege3
MD5: e1275647a9c95b457b73ef9466349c2a
SHA1: 209d6434a2d43ec3597ce1bbab4481b2c9adac07
SHA256: 0eecbd1cfe11cd04f57f0df6928d2a9994d8bdddf0e52dbc3629481fecb115ee
SHA512: d7632321bafb832ee7e54576df8489a44720ca807261b1d3414ff9b6ab25ebe10e158b834c9003b57f9ec5373f04721dadd9a8ff098f00e77a9365c8478f7cf6

Static task: static1
Behavioral task: behavioral1
Sample: DOCUMENT AWB_844790342632_pdf.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
3.9
jb9
cloud-medical.com
maximtech-bd.com
3d-sprint.com
624vhw.info
nexdesk.net
flxcustomsigns.com
gvuzejobxa.info
xiaobaokm.com
565mt.com
servicioscuery.com
500360.biz
stephanieshermanart.com
boozebird.com
merckcousa.com
frenchkissldn.com
lucyfaulknerllc.com
egekartus.com
bookyabber.com
cardiacimaginginpractice.com
deucessound.com
loveyourlimitsyoga.com
sadort.com
pegangbola.com
smxjsy.com
grpchicago.com
utahofficeforvictimsofcrime.com
msgbm.loan
thebiggestapp4upgrade.date
cveew.info
2nfy.com
qingbeirenedu.com
freedietitian.com
alexisfisio.com
daymdesign.com
codingplato.com
portatilespc.com
hzdyfy.com
hichamsabia.com
cremagoji.info
prorea.net
gppz111.com
bestlunchinbendoregon.info
goodfeli.com
halcyonessentialsdev.com
mossbaby.com
changeseffect.com
lifefocusadvisors.net
kelebektv.com
sentinelridgeatmtsi.net
rebeccawelford.com
cutandwin.com
eliosretreats.com
sermarineshippng.com
helenamthouses.com
thesheriffmuirinn.scot
hy030.com
seolink.studio
trendingonskysports.com
bilgiburger.com
firegearunlimited.com
makler-gesucht.com
sdhaozhi.com
mightyfootball.com
device-kyoto.com
cervox.com
Targets

Target: DOCUMENT AWB_844790342632_pdf.exe
Size: 288KB
MD5: 91a124938062fac6e7682b55fd314413
SHA1: f36bea3ccc4a93290456aaf31bf2bdc2d594a05e
SHA256: 01214bebe6eb99ea6540145d7ad3e5f5a8a11691610be73aa24dc1107a71e360
SHA512: b1a11c0a3ef61c0e5243a5b2581adc7e937a67ce6f5dac1bb0dbed734742df8475eb03fc396a77ed81c3559aff82ad989ce9ed2f20019561e75e9172dc06a644

suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Adds policy Run key to start application
Deletes itself
Suspicious use of SetThreadContext