General
- Target: 7daa64f8d89deee1ae3390dbdf89df275fba3336d6b33a9fe38903d1045fd3ce
- Size: 624KB
- Sample: 220521-ne1jxsggap
- MD5: 81976c8ce995417db739acd064e97207
- SHA1: b6ed7169ed696d7030484332dea31251cba2880f
- SHA256: 7daa64f8d89deee1ae3390dbdf89df275fba3336d6b33a9fe38903d1045fd3ce
- SHA512: 8361e82976e420e6c6f051292a283c5b9365b83c3e116bc558e567dbc03d14baa5598b940f62c0f87f56a460e5fe0bb230f37f5a5efe510157ac22838affce23
- Static task: static1
- Behavioral task: behavioral1
- Sample: purchase order.exe
- Resource: win7-20220414-en
Malware Config
- Extracted: formbook, version 4.1, campaign mcn
Targets
- Target: purchase order.exe
- Size: 783KB
- MD5: a609941d3573f765b9e5ce5f21bec964
- SHA1: 22cd8b5de95b184dfa1d49f80a981cd8367cfab8
- SHA256: b92daf26444f20dda1b9473af9b4016f67fc4e87761b1429021aceba77e3dd5a
- SHA512: d2bcecf3eaabee030cb5081ccc1dba92fd98a9a9b374664631be1a3a4d0615812df2c18127299c4a133358684401ca6fdcbd3e3d0fb05e6f1d2f0687a813070f
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext