General
- Target: 7ec471bff3b6d2a908d526be87f5b5c6889900d880b902ced36ba401c3b54f4f
- Size: 566KB
- Sample: 220521-nwaptsebg8
- MD5: 618bc21afef7328c3e74f53487719f63
- SHA1: 3f9f7addc3147654eb7a7883107df10427b932d4
- SHA256: 7ec471bff3b6d2a908d526be87f5b5c6889900d880b902ced36ba401c3b54f4f
- SHA512: a2191ec899e454a2aaf09149e3b189fbd15661b10b9f58705770200e951b1569781acc6122014fadb682f47115f90bfdb011be01a80bdd1867b4d6067c7833a1
Static task: static1
Behavioral task: behavioral1
- Sample: Gkauepj.exe
- Resource: win7-20220414-en
Malware Config
Extracted: formbook, 4.1, dgb6
Domains:
fxocn.com
900900b.com
luciananunez.com
ibcrecruiment.com
saffireups.com
bisuoyj.com
hourofcoed.com
invalidlogingacc.com
airaguevara.net
411edupreneurship.com
angbaidia.com
xn--49s29u.ink
snorkellingcouses.com
apxelim.com
harveyarch.com
wfsettlemet.com
7gongzuoshi.com
aladiesmassage.com
bigboss-marcelo.com
cbdfreebiz.info
maltempire.com
lifemeaning.win
yahfind.com
perfectkw.com
syrustaveras.com
snowhiteaditi.com
best-konto.com
airfaas.com
santply.com
artfromthestart.net
membersonly.info
nike-du.com
mountainvibesco.com
vindataonline.com
canpfp.com
ikenbrown.com
readyforsalebrisbane.com
imagocket.net
ramaist.com
1shoppingonlineusa.com
tammicooper.com
blockchainwealth.group
findyourstreethomes.com
pat-testingsurrey.com
diasporakouzina.net
paulsturmanphotography.com
blacktasty.com
prodottitipicidellemarche.com
thepaintingteacherblog.com
ababrain.net
xn--5brw2j09hdy3d.com
306manbet.com
aripamz.info
viakofi.info
melicharter.net
stirmarine.com
craveiteats.com
fakenewstheplay.com
marketbuilders.info
thegoodlifetraveller.com
zufangtimes.com
e-prezent.com
imajoven.com
pecolla.com
regulars7.info
Targets
- Target: Gkauepj.exe
- Size: 1.1MB
- MD5: 23fa47d1c4f4ab3084b9bd6ea926bb16
- SHA1: 26e854c6a1ee7af3f8a282caf06610b76ce21db9
- SHA256: 0efa7703690d3fe9df70c81d7dea974aa710c7c55a76fd50e6a050bc76698d89
- SHA512: 4be080d2a86c01dd084dcbf4a4fcc7bfd5457f75d5fecbb70092b5703fee6f94f4a5aeda4831272eee19a346eb5ee96475af787fa45ad90be49e007bd68bd8a9

- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds policy Run key to start application
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext