General
Target: 6c0726019c69676d072d2680a142cbe4d194b8b9cd61fa7833b54e0f6dce299a
Size: 407KB
Sample: 220521-nddc1agfbn
MD5: 34dbe410cb043fe58d8bd5d0f0c08ef8
SHA1: 8df0e73710e95830f6d17dab713d314e146e9272
SHA256: 6c0726019c69676d072d2680a142cbe4d194b8b9cd61fa7833b54e0f6dce299a
SHA512: 1f2df8a886af340a92fd6001fa5208f3c2f9f04cbc9ae6929539c154debf6fee3c2e239d73c99dc38934b561e936d0df6a8cc76bdb2556b4671420ac03031171
Static task: static1
Behavioral task: behavioral1
Sample: opTrJaglOqdy9oE.exe
Resource: win7-20220414-en
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: aq3x
Targets
Target: opTrJaglOqdy9oE.exe
Size: 553KB
MD5: ed5ff25257d74b36a35c3a171dd754cc
SHA1: 238a3737b3458e3ad2dcef135e9086f6be65811b
SHA256: a8534e310ee42756cfc01caf1eeddc8f4bca6e7e7f36de1a90f5c6ccc480e90a
SHA512: 5f262537948b58769264dc896a2defd7d5a982e01ed7c7e3be12647e861a0c119e166e50b776be315015d66c5425183eac78094dc38fc41cab319f38fe91a00a

suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext