General
- Target: 3d86757e20cdd1a7e617071cc4149a509f22ed6b14118ce543809f42f0f6bdf2
- Size: 852KB
- Sample: 220521-n9fg8saafl
- MD5: 6d34f7f0b8a0653bf8bcda091d513289
- SHA1: 2d84aa466b5379b5d82327247baa7d149d3d7833
- SHA256: 3d86757e20cdd1a7e617071cc4149a509f22ed6b14118ce543809f42f0f6bdf2
- SHA512: fa7c755e7f03fec5949b3c4a4a87929004669296cc9b1142d856d95f3c53a6a702d4b909a1be63773cc7f85229b43b60d4c8a5a8d3446a184fd84f9c47688bd2
Static task: static1
Behavioral task: behavioral1
- Sample: quote107.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: vcd
- Domains:
lacittauniversitaria.com
godsdigger.info
stxfwj.com
sing-uk.com
crazyedu.com
sunchermical.com
cocaparis2024.com
ahazm.com
li021.com
bizzspire.com
jb-o8y.com
ssconlineadmitcard.com
merkled.net
nesaraconstruction.com
viba.ltd
rasshoferconsulting.com
slingersdlbrbhjs.download
higgins-plastering.com
prostickusa.com
szryyl.com
crfmail.com
758elpintadord.com
things4dogs.com
skyhub.solutions
casavillaesperanza.com
xulynuocthainhiemdau.com
danarebecca.net
tongren119.com
k-908.com
zedbloggeronline.com
loqiri.com
fhjej.info
weihuimao.com
biokinemetrics.info
thevistatoledo.com
b2btechemail.com
duhe.ltd
artgarfunkelbooks.com
lessentielstudio.com
sdoubote.com
perfectdiveform.com
hanguoxuebingguanwang.com
readlies.com
xn--fiqa07aw9y6mlc3hiqb4w5k.net
sabkimaggi.com
keyways-lnt.com
xn--snapcht-bxa.com
whatsthebestfrench.com
saddamakhtar.net
tpscrtcnsltng.com
ysiemprendes.com
abcconcours.info
lienvision.com
97ping.com
canthihocduong.info
shjdfc.com
yinghuatianyi.com
fincasyvecinos.com
thefoodieboo.com
leafworkdna.com
ads-strong.com
juhao.site
thsavingsbankohio.com
matthewjgardner.com
godhep.com
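The domain list above is the raw Formbook config as the sandbox extracted it. Formbook configs mix one live C2 host with decoy hosts that the sample also contacts, so a hit on any of these domains marks infection-related traffic but does not by itself single out the operator's server. The script below is an added example, not part of the sandbox report or of any Triage tooling: it parses a config dump in the layout shown here (family, version, campaign, then one domain per line), decodes the punycode (xn--) entries so lookalike hosts are readable, and matches the set against constructed DNS query log lines, treating a query as a hit only when it equals an IOC or is a subdomain of one (substring matches such as notcrfmail.com are rejected). The log lines and the five-domain subset of the config are constructed for the example.

```python
"""Match an extracted Formbook config against DNS logs (added example)."""
from collections import defaultdict

# Constructed subset of the report's extracted config, in the report's own
# layout: family, version, campaign id, then one domain per line.
CONFIG_TEXT = """\
formbook
4.1
vcd
lacittauniversitaria.com
godsdigger.info
xn--snapcht-bxa.com
things4dogs.com
crfmail.com
"""

# Constructed DNS query log: "<timestamp> <client> <qname> <qtype>" per line.
DNS_LOG = """\
2022-05-21T10:01:03Z 10.0.0.12 www.google.com A
2022-05-21T10:01:09Z 10.0.0.12 www.things4dogs.com A
2022-05-21T10:01:10Z 10.0.0.12 crfmail.com A
2022-05-21T10:01:11Z 10.0.0.12 xn--snapcht-bxa.com A
2022-05-21T10:01:12Z 10.0.0.12 notcrfmail.com A
2022-05-21T10:02:30Z 10.0.0.44 godsdigger.info A
"""


def parse_config(text):
    """Split a config dump into its fields; domains become a normalised set."""
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    family, version, campaign, *domains = lines
    return {
        "family": family,
        "version": version,
        "campaign": campaign,
        "domains": {d.lower().rstrip(".") for d in domains},
    }


def decode_idna(domain):
    """Return the Unicode form of a punycode domain, or the input unchanged."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def lookalikes(iocs):
    """Map every punycode IOC to its decoded form so analysts can eyeball it."""
    return {d: decode_idna(d) for d in sorted(iocs) if "xn--" in d}


def matches(qname, iocs):
    """True if qname equals an IOC or sits below one; never a substring match."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in iocs for i in range(len(labels)))


def scan_dns_log(log_text, iocs):
    """Return {client: [(timestamp, qname), ...]} for queries that hit an IOC."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line, skip rather than crash mid-scan
        ts, client, qname = parts[0], parts[1], parts[2]
        if matches(qname, iocs):
            hits[client].append((ts, qname))
    return dict(hits)


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(f"{cfg['family']} {cfg['version']} campaign={cfg['campaign']} "
          f"domains={len(cfg['domains'])}")
    for raw, decoded in lookalikes(cfg["domains"]).items():
        print(f"lookalike: {raw} -> {decoded}")
    for client, events in scan_dns_log(DNS_LOG, cfg["domains"]).items():
        for ts, qname in events:
            print(f"HIT {client} {ts} {qname}")
```

Run it against the full 65-domain list by pasting the report's domains into CONFIG_TEXT; the suffix match means a client resolving any subdomain of a config host is reported, while unrelated hosts that merely contain an IOC as a substring are not.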
Targets
- Target: quote107.exe
- Size: 1.1MB
- MD5: 6577e654e8f6e34a2f486f9df3f9c9cf
- SHA1: eb69cc879edca23b06912569594f02f8be50cd2b
- SHA256: b91d1df833c959a0c941ea92dae9d30f23cb4825ae33594da4eafc758a8de10f
- SHA512: 29d8308c9ce0cb7d4f5bd2d81cc4e156c2e6a8d3772f2fbcdf9c8f4f0228ca502217a908bf02a867fc438068b2387ff9f251183de2206bfc5df48fc72b813675
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext