General
Target: 35db64bb80ae718b8b9950b4403bd9137635d327bef811d0a20d1e51e6880116
Size: 429KB
Sample: 220521-ns1rvaeah7
MD5: 690d69d79901644d01a52492a49886dc
SHA1: b9450470be4b384ef5ca1f09bb39a6d21365f38d
SHA256: 35db64bb80ae718b8b9950b4403bd9137635d327bef811d0a20d1e51e6880116
SHA512: 9c2f4b4cdf81fe1ab7323a9ca845d3b5ba1ae30c228f1c1a8238c3992a6d7d714bbdb07747f1a67e54491dd4ea351a47fd49330f2449e27f5823040e1f436ffd
Static task: static1
Behavioral task: behavioral1
Sample: swift copy.exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook 3.9 b1v
Targets
Target: swift copy.exe
Size: 573KB
MD5: 51ed5644fa60ea88173be008966c2c1d
SHA1: e73015b1433639e1a2be19d26b6a5a3b8b39dfc2
SHA256: eddcaacc8947b326dd6998c90175846c76375ee953074668354ac72dba27ffdf
SHA512: b64bcfd74a38f372c687935590624d31d759df1e913d082e490c025797f00c50f4fa2dbf961a888196f2d151f175bec6227105a6ac372071a696608a710c7c97
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds policy Run key to start application
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext