General
- Target: 877df31644a31293d6046a85562fba4298e69598f862c38db8f2c68ca75bf783
- Size: 196KB
- Sample: 220521-nrwrhahben
- MD5: 911ce26eb8199974cd4fa3c1f0ca07ad
- SHA1: ebee3f6cda96cfef1b7f83550111f04754ef127e
- SHA256: 877df31644a31293d6046a85562fba4298e69598f862c38db8f2c68ca75bf783
- SHA512: 7ec27bf0a0a9c2af899e0a0c8dcdf72133b0f82a84a927e93a2544fb8316b4222a80a83c553793285cb76222ddac63cc58dfe40876698a14142f055209a441dd
Static task: static1
Behavioral task: behavioral1
- Sample: Advance TT.exe
- Resource: win7-20220414-en
Malware Config
- Extracted: formbook, version 4.1, kfr
Targets
- Target: Advance TT.exe
- Size: 254KB
- MD5: 8a749626808c84035d23f56f95e8c2b8
- SHA1: 94870526b249acfe3f381387ba0f089c3598424a
- SHA256: e6b120648d35809064107c751c61d73fd05aede9884be730c60dd4fe9a4ead0e
- SHA512: d6e0835117436502f359900b800410d0f8b28937740be5a618a3993f1e0007947e914afe88f9cc1dbf5d1590ac7b554a586547692ac0511d86b2ffa540c1a97f
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext