General
- Target: c3e06adac1de1ffc979fb03a2568122dd2d9df5317ac929c65b992502613a073
- Size: 449KB
- Sample: 220521-nd5ggsdef3
- MD5: 1ebd9f034bf51511c62005f93a9cd7f4
- SHA1: 5cccde19188452521633249332e746c2765a6f3a
- SHA256: c3e06adac1de1ffc979fb03a2568122dd2d9df5317ac929c65b992502613a073
- SHA512: a6d8ab310ca5e844a3b67efc1c17ee255af90f957f466c5010ce979a1e7625c9db79c55f7e72f58fb966f32894e6260b5584db6792d3880a85d25071229256b2
- Static task: static1
- Behavioral task: behavioral1
  - Sample: Purchase Order-0096005.exe
  - Resource: win7-20220414-en
- Behavioral task: behavioral2
  - Sample: Purchase Order-0096005.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
formbook
4.1
q5e
Targets
- Target: Purchase Order-0096005.exe
- Size: 574KB
- MD5: e90d5fb481511c5d3c844529fe20ee00
- SHA1: 8f03158dbe6edd2a6fdbedbf860f5905030202e1
- SHA256: 89819dbac176147b14b878250b43d1954844e6f0d4bace8b4607bad4405ca96b
- SHA512: dd1d22fe8b35bdf1c9cc1dfc926666b58e454425fcee33c2168a604a6c852b7137592b896e38cd35caeb1215b7073beb7e5e9aa6d53ff55e6eabcb69d6fb6ff7
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds policy Run key to start application
- Deletes itself
- Suspicious use of SetThreadContext