General
Target: 1aac0454c65f31df7b93e2059f4c6895f4fd5fb5c90c6465d45626c391efd864
Size: 456KB
Sample: 220521-ncc1vagefp
MD5: 7dda7b7a622537fa7838564b3a3d3c91
SHA1: dd5567d50fdaee01bef499ed4d6496d8c0e0e75d
SHA256: 1aac0454c65f31df7b93e2059f4c6895f4fd5fb5c90c6465d45626c391efd864
SHA512: c574544133ee6fb6415a36c5e19f0d9b01e003e454e3d94232e0eef60ea3fb118e085c4d50e2d9a6ecca13b6505b1e6e9ecdfe4fdee55fa75d90f763724c1ee8
Static task: static1
Behavioral task: behavioral1
Sample: Anekgroup Order.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
xwqs
miracledynamic.win
farshadzandi.com
cruisesociety.site
alluredecorate.com
topseptictanks.net
goodguysblogblack.com
xn--80aaexkk3ad8c.com
manbet22.net
ristohotelcastellani.com
vesinhvinhlong.com
fashion-phoenix.com
iferrara.expert
sellyourart.gallery
hayatmag.info
serafimasflowersparadise.com
4p1o3a.biz
maidonline.net
kuntaijinrong.com
makethebreastpumpnotsuck.com
europeansmartcapital.com
familyfolktales.com
thetowing.world
zulemalabra.com
yennyso.com
asmnb.com
aryabhisak.com
taqueriaelherradero.com
ilovebuz.cricket
streamone.studio
othreport.net
xvyhhx.download
stratz-consulting.com
flangeroofs.com
aspiresuccessconsulting.com
ohiorecoverypros.info
xn--igt54izq0a.com
mojzesz.email
ecosnus.com
robocroft.com
secengine.net
thczepam.com
studiopenelope.com
chrisrubino.net
immogecheck.com
pier39.news
studentcreditcardreviews.info
plombest.com
04sbw.com
vonkeppel.com
pastecolor.com
boot-kik.com
comegetsomevoip.com
arttextileduverdon.info
bestworldwatches.com
dimasjts.com
offerberg.com
cqchidu.com
luxeladybee.net
turismosaoluis.com
jubfps.site
bobandbertie.com
1i0fourapple.loan
pushinglovely.com
abacusfinancialgroupinc.com
mansiobok3.info
Targets
Target: Anekgroup Order.exe
Size: 541KB
MD5: 20ab5fd8a0b7cf071121621eb19c15be
SHA1: 670d97686fced6266b1e0f83e743a4954da588f6
SHA256: f9105883e8b27ee7cfbe161616f341841f2b7e8c36f5d2b11796e0b002d86ad8
SHA512: 005c7da154214e2f9ed8a24ea81462545d5e26d2a40a62787a114c2cc6d7aabdf41c2d27f133cef60c3d9770e4b04220a625c94138f843ebeb9673318f04131c
suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext