General
- Target: 3708d82b9036e4414462b672814d74ee55979922ef797c5b3c62a33bccf9b742
- Size: 226KB
- Sample: 220521-n9sskaehc3
- MD5: 9cbe83d969cf909f6b36d69d65d4c232
- SHA1: 3b045a0644e81fcc0c3ca6af7e0e1fea9c84db53
- SHA256: 3708d82b9036e4414462b672814d74ee55979922ef797c5b3c62a33bccf9b742
- SHA512: 5f2dd689bbc5d741960afac961c75869c61d92b53edcdcc984009220073c2ac0df8e25fb9225f0ce0df1e327bfcb5007efabb1536d449ca8813085aceb9fee07
Static task: static1
Behavioral task: behavioral1
- Sample: shipping doc, INV+PL.exe
- Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
otn
Targets
- Target: shipping doc, INV+PL.exe
- Size: 450KB
- MD5: 88116a99ab38e1da8dac37fdfcdafb66
- SHA1: 8de0eb24271548b06ee88fc5217530638c74c263
- SHA256: 2085dc9e13df8584961a5cce08759949521da18b21a364ba52a4e6818f80d610
- SHA512: 56197bafd5bb177ffd57cc0ffc66c9bfe5ed5d0f3e5288f7afb32281684f94741c831a2890a06dda99e514a19fadc1ee63da65c1888a82bd59102e35b65d5c1d
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext