General
-
Target
d3135a8df1547e8ebd4b0bd048f3e4d0e5e6c0fe2f99b90b80f09a17be4cb364
-
Size
549KB
-
Sample
220521-nvc4kaebe4
-
MD5
f2f49b8cea58408e80b277a20d1f02ff
-
SHA1
6b84d638b4619bff67b3077c11900b8318daf1c3
-
SHA256
d3135a8df1547e8ebd4b0bd048f3e4d0e5e6c0fe2f99b90b80f09a17be4cb364
-
SHA512
2d8b79452a6fe5d75a4cb157e0bfd360b7ad4b0c87f3cb799ee2b9f6d2b2a5d2a7a749f670b9c0e4f15d0458b71f5afc2f29d4ff2726ebc85bdd0162c74f3dbe
Static task
static1
Behavioral task
behavioral1
Sample
USD 87700,000.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
USD 87700,000.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
formbook
4.1
n7ak
audereventur.com
huro14.com
wwwjinsha155.com
antiquevendor.com
samuraisoulfood.net
traffic4updates.download
hypersarv.com
rapport-happy-wedding.com
rokutechnosupport.online
allworljob.com
hanaleedossmann.com
kauai-marathon.com
bepbosch.com
kangen-international.com
zoneshopemenowz.com
belviderewrestling.com
ipllink.com
sellingforcreators.com
wwwswty6655.com
qtumboa.com
bazarmoney.net
librosdecienciaficcion.com
shopmomsthebomb.com
vanjacob.com
tgyaa.com
theporncollective.net
hydrabadproperties.com
brindesecologicos.com
sayagayrimenkul.net
4btoken.com
shycedu.com
overall789.top
maison-pierre-bayle.com
elitemediamasters.com
sharmasfabrics.com
hoshamp.com
myultimateleadgenerator.com
office4u.info
thaimart1.com
ultimatewindowusa.com
twoblazesartworks.com
airteloffer.com
shoupaizhao.com
741dakotadr.info
books4arab.net
artedelcioccolato.biz
tjqcu.info
teccoop.net
maturebridesdressguide.com
excelcapfunding.com
bitcoinak.com
profileorderflow.com
unbelievabowboutique.com
midlandshomesolutionsltd.com
healthywithhook.com
stirlingpiper.com
manfast.online
arikorin.com
texastrustedinsurance.com
moodandmystery.com
yh77808.com
s-immotanger.com
runzexd.com
meteoannecy.net
joomlas123.info
Targets
-
-
Target
USD 87700,000.exe
-
Size
1.1MB
-
MD5
818f7516f05f3031b20c0300649e5c01
-
SHA1
1529ab8f997fd8010d2b43d920cd7eec1a18e126
-
SHA256
35bb2187c8bcf8921677dc34a4a3bf7f33144c97370346f4ff616c82a2e278b5
-
SHA512
8cd2fe02936797a20dc1f22a502e27ff5d2e8679386252c47c0a3a6dccec01c87b91c92adf227378898e0946c1d67d0733011df179d81874308dd52455c3c14d
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-