General
-
Target
8f9430926059b310cac4b568f1ad316f8a9c44d6645d8e30661b5cbc8408254c
-
Size
281KB
-
Sample
220521-nrtl5seaf4
-
MD5
232033c109838ada02bacda73f6de2fc
-
SHA1
ee0b5346aa4d18ab1e7d84efeb1a65cf720a2095
-
SHA256
8f9430926059b310cac4b568f1ad316f8a9c44d6645d8e30661b5cbc8408254c
-
SHA512
68f52c2115daaf879fa712141a54566d02a9223ab4f2b1f349002daff6b3f0374d1b0d8549c56a04457ee118271628daebedf65d0930abb0f8412e09ff231226
Static task
static1
Behavioral task
behavioral1
Sample
DHL Tracer.exe
Resource
win7-20220414-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign ID: k859
C2 domains (FormBook configs mix decoy domains with the live C2, so the whole list is worth hunting):
tealpineapples.com
boatybracelets.com
srurslzmd.download
oregonclimatesmart.com
holistics.net
allsystemsforupgradesnew.review
005554008.com
inteligenciamental.com
valedamente.com
novinsaraf.com
schnyderfor.com
newideait.com
horny-for-art.com
susanmurphree.com
lineage2impact.com
khaoskoordinator.com
baolanhuc.men
equifaxlaw.com
aaronsalvato.com
radioxxesertanejo.com
mypheis.com
goswim.life
sellmypropertyforfastcash.com
qebhw.com
theking4d.com
ghost-dragon.com
dayconkhoahoc123.com
carsindo.info
whdajing.com
sofanamphat.com
townsendindustrialestate.com
bighelptexas.com
stylesbyjeannie.com
ninteract.com
boqixinhai.com
m8iuvser72zlw.life
livingem.com
saywhoyou.com
wintergalen.online
smurflegends.com
rgsends.info
jbxcomunicacao.com
faszinierendeweltderquanten.com
yourstoryheredc.com
vij-me.net
weddingbarbells.com
abundantcopy.com
jingjing6668.com
sanjuanchartering.com
pinckneyboutiques.com
hongkerfa.com
gifted-experiences.com
xn--9i1bt6k.net
acledabnk.com
jyh51888.com
dlhzrv.com
firearmsupplies.com
northerntiny.com
globalwealthaid.com
ifueldrop.com
creamyjustice.com
zk-devops-jenkins.online
feiyuntech.com
granduniontour.com
mansiobok2.info
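Added example (not part of the sandbox report): a small hunt script that takes a subset of the extracted C2 domains and the two SHA256 values from this report and runs them over constructed dnsmasq-style DNS log lines. The log lines and client IPs are made up; the domains and hashes are copied from the report. Matching is done on the DNS label suffix rather than by substring, so a query for `tealpineapples.com.evil-lookalike.net` is not counted as a hit while `www.tealpineapples.com.` (trailing dot, subdomain) and an upper-cased query are.

```python
"""Hunt constructed DNS logs and file hashes against the FormBook IOCs above."""
import hashlib
import re

# Subset of the extracted FormBook config domains listed in the report.
C2_DOMAINS = {
    "tealpineapples.com",
    "boatybracelets.com",
    "srurslzmd.download",
    "oregonclimatesmart.com",
    "zk-devops-jenkins.online",
    "xn--9i1bt6k.net",
    "mansiobok2.info",
}

# SHA256 of the submitted sample and of the dropped DHL Tracer.exe (from the report).
KNOWN_SHA256 = {
    "8f9430926059b310cac4b568f1ad316f8a9c44d6645d8e30661b5cbc8408254c",
    "931de7a667086f50575388e97d16c318682f63c8ba9d044aa006abc6e26f2862",
}

# Constructed dnsmasq-style log lines (not from the report); one lookalike decoy included.
SAMPLE_DNS_LOG = """\
May 21 10:02:11 dnsmasq[812]: query[A] www.example.com from 10.0.0.12
May 21 10:02:13 dnsmasq[812]: query[A] www.tealpineapples.com. from 10.0.0.12
May 21 10:02:14 dnsmasq[812]: query[A] ZK-DEVOPS-JENKINS.ONLINE from 10.0.0.19
May 21 10:02:15 dnsmasq[812]: query[A] tealpineapples.com.evil-lookalike.net from 10.0.0.12
May 21 10:02:16 dnsmasq[812]: query[AAAA] xn--9i1bt6k.net from 10.0.0.30
"""

# "query[TYPE] <name> from <client>" as dnsmasq writes it with log-queries enabled.
QUERY_RE = re.compile(r"query\[\w+\]\s+(\S+)\s+from\s+(\S+)")


def normalize(domain):
    """Strip the trailing root dot and lower-case, so FQDN and bare forms compare equal."""
    return domain.rstrip(".").lower()


def matching_c2(domain, c2_domains=C2_DOMAINS):
    """Return the listed domain that `domain` equals or is a subdomain of, else None.

    Only label-aligned suffixes are tested, so 'x.com.evil.net' never matches 'x.com',
    and a bare TLD is never treated as a match.
    """
    labels = normalize(domain).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in c2_domains:
            return candidate
    return None


def hunt_dns_log(lines):
    """Return (client, queried_name, matched_c2) for every query that hits the list."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        name, client = m.groups()
        c2 = matching_c2(name)
        if c2:
            hits.append((client, normalize(name), c2))
    return hits


def is_known_sample(data, known=KNOWN_SHA256):
    """True if the SHA256 of `data` is one of the hashes from the report."""
    return hashlib.sha256(data).hexdigest() in known


if __name__ == "__main__":
    for client, name, c2 in hunt_dns_log(SAMPLE_DNS_LOG.splitlines()):
        print(f"{client} queried {name} (FormBook config domain: {c2})")
```

Feed real resolver logs to hunt_dns_log and the full 65-domain list to C2_DOMAINS; for file triage, pass the bytes of a suspect binary to is_known_sample.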
Targets
-
Target
DHL Tracer.exe
-
Size
371KB
-
MD5
22065e9ed2fc96ed8f9ee1fd4ebe5ba5
-
SHA1
c981814d1ce5fb9bba996f9f3d7853cce6f59cdb
-
SHA256
931de7a667086f50575388e97d16c318682f63c8ba9d044aa006abc6e26f2862
-
SHA512
9f05eecfcb2ee087ff2c74190ad7145b8c3a2fea0901a872964f184a8af876b4347172be311117e30db295af1888826d765bd66d807ebee8eac6416e9e770cfb
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-