General
Target: c1bda786942300e009911838ae7b6f1c6919e9ac0023d85bba593dfd12edd5c3
Size: 350KB
Sample: 220521-nd6dsadef4
MD5: 35a9df4824560ff93d9df4b196a23768
SHA1: 5a2e97029948c15438dd5e027ffa9d8fc5b43de7
SHA256: c1bda786942300e009911838ae7b6f1c6919e9ac0023d85bba593dfd12edd5c3
SHA512: c1cfbe7f73fe4028d4c9b9b5054ad81ebb5ba84137e3ac06acf7634e928ee6d7914a60741aa7a16da3116305ab7aa4ec2f54f523c6b3eed369c21e7b8eb89103
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Quotation.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
formbook
4.1
mcn
Targets
Target: Quotation.exe
Size: 391KB
MD5: be84baa98d7e27a0df361cd6eba9506c
SHA1: 41d84c4e36d9f0fa2def2ae157a0fa45e29e163e
SHA256: 0c6ef50f134bbd723eddc99d8f9fc78b37e7e2590ec907ce4209075677add6d9
SHA512: a856515a24389c35cbe188ad08f23a87b260db2d08b3f9c4c5d50688b35a399adb0476ffc0f9f5b9f37c3fb7f5457bbc389c6ad3fe075045f4291ab4037b84b8
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds policy Run key to start application
- Suspicious use of SetThreadContext