General
Target: 997644d0d16bbb753f8d5058e19aeb1e28d1a8f46f5f0935183baa3c80debcc2
Size: 546KB
Sample: 220521-nrne5ahbek
MD5: 67266e19d606f4ec118109c8735abdc3
SHA1: 419ceebe073463fc10336a8eb1c9f93b0a0a9d8c
SHA256: 997644d0d16bbb753f8d5058e19aeb1e28d1a8f46f5f0935183baa3c80debcc2
SHA512: 9d59e18a600c1567094d6c30776d4ebdf15c9a6dd795762f809adb2eac0ba27971804dc8ebddf4b845462c9ee8e5b35ed9ea58254cbd20e7950ff90b428da650
Static task: static1
Behavioral task: behavioral1
Sample: order specifications.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
kvsz
Targets
Target: order specifications.exe
Size: 657KB
MD5: 2c2b342897c2693632051bde77ef39a8
SHA1: f19572d227a440b36d202343b9a6ab20ada5f2b3
SHA256: 2ca55ed1af922548fc6abdb7b49386a6d62edd7b6d5609d45f1c369de4fa9269
SHA512: e80f335bef303ebe49279e8035b14d71aaa5c6a79d0b058df5ed22ec5f9d02fe1e59cc0ddd56b1a2e89119b540a61bfcb18dcfef2c47c051a8cbc9d08319a127
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of SetThreadContext