General
Target: 54dfdea0cb31caccae921efb93d0a8ecae8e0dd28d7454b059b255c0b898f03f
Size: 403KB
Sample: 220521-nb1eraddf2
MD5: 0ad1df65b49269bf154873e8639c2b80
SHA1: 099ab828a9dd942d9bb7e778415844022048c72f
SHA256: 54dfdea0cb31caccae921efb93d0a8ecae8e0dd28d7454b059b255c0b898f03f
SHA512: c0ceca96d0ec9d403bedf108bb42acbd10c4ab46bdbc8180cb6b4b4821c157fcdb64306ba581ef30380f920373ec69f3baf3d21befca8de7ee932267e16bc5ed
Static task: static1
Behavioral task: behavioral1
Sample: PO..exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
g82
hqeknj.men
keboku.com
westofbroadway.net
trustbetween.com
alpa-dachbeschichtung.com
korea-kone.com
akira-fukui.com
bikehire.net
stabilizedliquidoxyen.com
thepigeonpea.com
myilene.life
classroomclosets.com
albergodellasalute.com
propiedadesok.com
gannettinsights.com
marie-rae.com
essentalgems.com
appicot.com
lupinpaints.com
jizhehua.com
skjev.info
hashimotoshota.com
greenworlduganda.com
kmcfadyen.com
alexander-property.com
myroofrepairleads.com
bencaoye.com
byqld.com
xn--hg3b21bu5coyh9wnhnb.com
1l5sevenmoney.men
mir2.ink
hjehzsebcrrd.site
equifaxsecurity2-017.com
monyet-office.com
clicemploi.com
xshe.ltd
revsquarellc.com
reoffi.com
tedarikistanbul.com
dreamownernation.com
hnobor.com
bostonlubricant.com
bither.tech
attentiontoexcellence.info
akterzi.com
dwalornodeal.com
westvirginiarailplan.com
pinnaclecontractorsllc.net
so-geht-es.com
acerruti.com
kadment.top
updsglobal.com
yanahijab.com
065858567.com
hbatp.info
boreclothing.com
brickaccounts.com
chaussuresalomon.com
3v-concept-bh.com
studiomachetti.com
cricplatoon.com
danielsdresses.com
orlistat-buycheapest.com
335manbet.com
ranges-xx.com
Targets
Target: PO..exe
Size: 561KB
MD5: f860643dd91d5ce1673b9ad9e33c97b6
SHA1: 9fca8d58fb45dbf7b1ef7c6f0a8f992de4a61e83
SHA256: 7eb341c011c4ea364ef927cfc57ac980111e9c49012834c3760896fec7f04d52
SHA512: 396bc6fcd0d0c28875aba8991f7e8c3e5c1f7507fb360d3fe026382893ca46fd286939fc79122bb090afc9aa2eda257fe58444a4a5b4abd0dd80617fdffd69f0
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Adds Run key to start application
Suspicious use of SetThreadContext