General
-
Target
850028d7e116466f16ff9e1f4539f9fefa1f3ada193f5a584bc055934ac6c89f
-
Size
503KB
-
Sample
220521-nv55cahcfm
-
MD5
fab429aed3688d37c1a8cfc92e946eac
-
SHA1
816ae0a530f9655e70963cf7af74e12d6263cc93
-
SHA256
850028d7e116466f16ff9e1f4539f9fefa1f3ada193f5a584bc055934ac6c89f
-
SHA512
9a01a1c0c2d538eb4ca5cac4c7f100097257e64f85f1ca6a586e0fd1eb08d5d54a1d121932042537a069cf9150cadb08ce1b9cd1e6a217e7c36f2650a06ea8d0
Static task
static1
Behavioral task
behavioral1
Sample
SWIFT polizza di versamento.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
n7ak
audereventur.com
huro14.com
wwwjinsha155.com
antiquevendor.com
samuraisoulfood.net
traffic4updates.download
hypersarv.com
rapport-happy-wedding.com
rokutechnosupport.online
allworljob.com
hanaleedossmann.com
kauai-marathon.com
bepbosch.com
kangen-international.com
zoneshopemenowz.com
belviderewrestling.com
ipllink.com
sellingforcreators.com
wwwswty6655.com
qtumboa.com
bazarmoney.net
librosdecienciaficcion.com
shopmomsthebomb.com
vanjacob.com
tgyaa.com
theporncollective.net
hydrabadproperties.com
brindesecologicos.com
sayagayrimenkul.net
4btoken.com
shycedu.com
overall789.top
maison-pierre-bayle.com
elitemediamasters.com
sharmasfabrics.com
hoshamp.com
myultimateleadgenerator.com
office4u.info
thaimart1.com
ultimatewindowusa.com
twoblazesartworks.com
airteloffer.com
shoupaizhao.com
741dakotadr.info
books4arab.net
artedelcioccolato.biz
tjqcu.info
teccoop.net
maturebridesdressguide.com
excelcapfunding.com
bitcoinak.com
profileorderflow.com
unbelievabowboutique.com
midlandshomesolutionsltd.com
healthywithhook.com
stirlingpiper.com
manfast.online
arikorin.com
texastrustedinsurance.com
moodandmystery.com
yh77808.com
s-immotanger.com
runzexd.com
meteoannecy.net
joomlas123.info
Targets
-
-
Target
SWIFT polizza di versamento.exe
-
Size
1014KB
-
MD5
324b9c9d6e2ba577e659b7d84852b4cd
-
SHA1
9327b4ecb17c2369d312e5d06dc02830611bc7a4
-
SHA256
a35a1149597435d58703ab662e49dab5ccc96d77529ebacefcdcf9e298c27e51
-
SHA512
1e6729ef067ac27317c95a2de8f94e8e58d03ea6e13465d793de2602a0d74090076a1867544d35ceb6fa880b0047e2338617532e52841d3be0ebd7cc8d142c8e
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-