General

Target: 8a91915f32ed87bb6018a8c8feb3775531e4139f89d05bb28f1bf9ba93b1624f
Size: 409KB
Sample: 220521-nbrgvadde4
MD5: 4e40b87de03efe2379211eea7f9dafa5
SHA1: 2e11150709111ffaec5d05b6f2d8f91ec1617a9f
SHA256: 8a91915f32ed87bb6018a8c8feb3775531e4139f89d05bb28f1bf9ba93b1624f
SHA512: 724feb2da8425f5182ed71b2a9179f5d2ec08469d4a146565914e2a97c740c9495a7721f5614922b4b2d7a62b5ab9ac0ca55d45bb9075c9f4bcaa48267fb5c4e

Static task: static1
Behavioral task: behavioral1
Sample: August PO.exe
Resource: win7-20220414-en
Malware Config

Extracted
Family: formbook
Version: 4.1
Campaign: g82
Domains:
hqeknj.men
keboku.com
westofbroadway.net
trustbetween.com
alpa-dachbeschichtung.com
korea-kone.com
akira-fukui.com
bikehire.net
stabilizedliquidoxyen.com
thepigeonpea.com
myilene.life
classroomclosets.com
albergodellasalute.com
propiedadesok.com
gannettinsights.com
marie-rae.com
essentalgems.com
appicot.com
lupinpaints.com
jizhehua.com
skjev.info
hashimotoshota.com
greenworlduganda.com
kmcfadyen.com
alexander-property.com
myroofrepairleads.com
bencaoye.com
byqld.com
xn--hg3b21bu5coyh9wnhnb.com
1l5sevenmoney.men
mir2.ink
hjehzsebcrrd.site
equifaxsecurity2-017.com
monyet-office.com
clicemploi.com
xshe.ltd
revsquarellc.com
reoffi.com
tedarikistanbul.com
dreamownernation.com
hnobor.com
bostonlubricant.com
bither.tech
attentiontoexcellence.info
akterzi.com
dwalornodeal.com
westvirginiarailplan.com
pinnaclecontractorsllc.net
so-geht-es.com
acerruti.com
kadment.top
updsglobal.com
yanahijab.com
065858567.com
hbatp.info
boreclothing.com
brickaccounts.com
chaussuresalomon.com
3v-concept-bh.com
studiomachetti.com
cricplatoon.com
danielsdresses.com
orlistat-buycheapest.com
335manbet.com
ranges-xx.com
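The domain list above is only useful once it is turned into something a detection stack can consume. The following is an added example (not part of the sandbox report and not FormBook tooling): it parses the flat "family / version / campaign / domains" layout printed above, emits one Suricata `dns.query` rule per domain, and runs the list over DNS log lines. The hostnames, log format (`<timestamp> <host> <qtype> <qname>`) and SID range are assumptions made for illustration, and the embedded config is a subset of the list on this page.

```python
# Added example (not part of the sandbox report): turn the extracted FormBook
# config into Suricata DNS rules and a DNS-log hunt. Log format, host names
# and the SID range are assumptions for illustration.
import re
from typing import Dict, List, Tuple

# Subset of the extracted config exactly as printed on the page
# (family, version, campaign, then one domain per line).
CONFIG_TEXT = """\
formbook
4.1
g82
hqeknj.men
keboku.com
westofbroadway.net
xn--hg3b21bu5coyh9wnhnb.com
equifaxsecurity2-017.com
ranges-xx.com
"""

# Conservative hostname check: labels of [a-z0-9-], at least one dot.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z0-9-]{2,63}$")


def parse_formbook_config(text: str) -> Dict[str, object]:
    """Parse the flat 'family, version, campaign, domains...' layout."""
    lines = [ln.strip().lower() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3:
        raise ValueError("config text too short")
    family, version, campaign = lines[0], lines[1], lines[2]
    domains: List[str] = []
    seen = set()
    for d in lines[3:]:
        d = d.rstrip(".")              # "example.com." -> "example.com"
        if not DOMAIN_RE.match(d):
            raise ValueError(f"not a hostname: {d!r}")
        if d not in seen:              # keep page order, drop repeats
            seen.add(d)
            domains.append(d)
    return {"family": family, "version": version,
            "campaign": campaign, "domains": domains}


def decode_idn(domain: str) -> str:
    """Render punycode labels (xn--...) as Unicode for analyst display."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def suricata_dns_rules(domains: List[str], campaign: str, sid_base: int) -> List[str]:
    """One dns.query rule per domain; endswith also fires on subdomains."""
    rules = []
    for i, d in enumerate(domains):
        rules.append(
            "alert dns any any -> any any "
            f'(msg:"FormBook {campaign} config domain lookup {d}"; '
            f'dns.query; content:"{d}"; nocase; endswith; '
            f"classtype:trojan-activity; sid:{sid_base + i}; rev:1;)"
        )
    return rules


# Constructed DNS log lines (not from the report): "<ts> <host> <qtype> <qname>".
DNS_LOG = [
    "2022-05-21T10:00:01Z WS-01 A www.keboku.com",
    "2022-05-21T10:00:02Z WS-01 A login.microsoftonline.com",
    "2022-05-21T10:00:03Z WS-07 A xn--hg3b21bu5coyh9wnhnb.com.",
    "2022-05-21T10:00:04Z WS-07 A notkeboku.com",
]


def match_dns_log(lines: List[str], domains: List[str]) -> List[Tuple[str, str, str]]:
    """Return (host, queried_name, matched_ioc) for exact or subdomain hits.

    'notkeboku.com' must not match 'keboku.com', so the suffix test requires
    the leading dot; a trailing dot on the query is stripped first.
    """
    iocs = list(domains)
    hits = []
    for ln in lines:
        parts = ln.split()
        if len(parts) != 4:
            continue                   # skip malformed lines
        _, host, _, qname = parts
        qname = qname.lower().rstrip(".")
        for ioc in iocs:
            if qname == ioc or qname.endswith("." + ioc):
                hits.append((host, qname, ioc))
                break
    return hits


if __name__ == "__main__":
    cfg = parse_formbook_config(CONFIG_TEXT)
    for rule in suricata_dns_rules(cfg["domains"], cfg["campaign"], 9000000):
        print(rule)
    for host, q, ioc in match_dns_log(DNS_LOG, cfg["domains"]):
        print(f"{host} queried {q} -> matches {ioc} ({decode_idn(ioc)})")
```

Paste the full domain list from the page into `CONFIG_TEXT` to get rules for every entry. Because FormBook configs mix decoy domains with the live C2, a hit on any one of them is an indicator of the infection, not proof that the matched domain is the active controller; confirm with the HTTP check-in traffic the `ET MALWARE FormBook CnC Checkin (GET)` signature below is keyed on.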
Targets

Target: August PO.exe
Size: 567KB
MD5: 1de6deb3fb735bbc867c39ab0fa605e3
SHA1: d16db5cf8af609e28f2bf6813b8cd8150f4f73b2
SHA256: 0bf6ccdd920a50186f7318c51564ecc8f502302b084a5fda3feadb0d51e40f24
SHA512: 4a25e6d27bf93ed823c59f4c8c145d5c2e11ba414546cabb22169d028186e3fa27d760718bd48848905c856bf115035d5b384505916c3c091c0bd4d709b8c6e8

Note that this executable (567KB) is not the same file as the 409KB submission listed under General; the two SHA256 values differ, so pivot on both when hunting.

Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Adds policy Run key to start application (persistence via the Policies\Explorer\Run registry key)
Deletes itself
Suspicious use of SetThreadContext (process-injection indicator: the thread context of a suspended process is rewritten to run the payload)