General
Target: 52052b4191b4785bd6dc43453882f41dbeb0731111bb2390c33ee30a15ba0bea
Size: 331KB
Sample: 220521-nwl3vsebh6
MD5: 4f7dfc4f45b54a4d4c1a3e9724b353bc
SHA1: 5f1877c807b0f5347971ba5a2788493ef362a2c0
SHA256: 52052b4191b4785bd6dc43453882f41dbeb0731111bb2390c33ee30a15ba0bea
SHA512: ea811eeedc89edf8acd2a02e554390d8e9d462018fc08618c0f70c5c9e7637a1f60b6779985b2c7ef23c5ea9afba5ae8300cc2738c421c2278cb2a52bd485466
Static task: static1
Behavioral task: behavioral1
  Sample: GENTECH PRODUCT INQUIRY.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: GENTECH PRODUCT INQUIRY.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
formbook
4.1
q5e
Targets
Target: GENTECH PRODUCT INQUIRY.exe
Size: 642KB
MD5: 6366b461b56945be4a795ca8bd346ec3
SHA1: d08c5c0188c8bb4e84b41bed78a805cbc0a127de
SHA256: 38d4e4ea5e9b15b4d221cc6627a7b088a54964dfe95b49173a45bc5f9177a249
SHA512: dc07e51c460193869514c875cdc5aaa1da59855ebaee8fae5edb44cd4acf35d37190982113fda285c0c7f95fbc5c1c854c13be42d7cad53f46360c0beddd8b82
suricata: ET MALWARE Evil Google Drive Download
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext