General
-
Target
12a2e2cc7cbb6a6596a683724d2eb4b83782589c561b9bcf1f9d4aab0cfe97bd
-
Size
379KB
-
Sample
220521-nxjdcshdbp
-
MD5
6f4fce5fdfa84fd2f97ac966274e4d53
-
SHA1
4697f46f8a237340edec0e162e078917ae90dd3c
-
SHA256
12a2e2cc7cbb6a6596a683724d2eb4b83782589c561b9bcf1f9d4aab0cfe97bd
-
SHA512
e699963cc6971e3a64b1cd6fd66d83cfe09aa9a65bf29cd4b1659da36e7178886cd7c02de7af9d746c5335c0ae14e7fd79e67821d8ae6e419f97d42683075899
Static task
static1
Behavioral task
behavioral1
Sample
specification quote.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
n7ak
audereventur.com
huro14.com
wwwjinsha155.com
antiquevendor.com
samuraisoulfood.net
traffic4updates.download
hypersarv.com
rapport-happy-wedding.com
rokutechnosupport.online
allworljob.com
hanaleedossmann.com
kauai-marathon.com
bepbosch.com
kangen-international.com
zoneshopemenowz.com
belviderewrestling.com
ipllink.com
sellingforcreators.com
wwwswty6655.com
qtumboa.com
bazarmoney.net
librosdecienciaficcion.com
shopmomsthebomb.com
vanjacob.com
tgyaa.com
theporncollective.net
hydrabadproperties.com
brindesecologicos.com
sayagayrimenkul.net
4btoken.com
shycedu.com
overall789.top
maison-pierre-bayle.com
elitemediamasters.com
sharmasfabrics.com
hoshamp.com
myultimateleadgenerator.com
office4u.info
thaimart1.com
ultimatewindowusa.com
twoblazesartworks.com
airteloffer.com
shoupaizhao.com
741dakotadr.info
books4arab.net
artedelcioccolato.biz
tjqcu.info
teccoop.net
maturebridesdressguide.com
excelcapfunding.com
bitcoinak.com
profileorderflow.com
unbelievabowboutique.com
midlandshomesolutionsltd.com
healthywithhook.com
stirlingpiper.com
manfast.online
arikorin.com
texastrustedinsurance.com
moodandmystery.com
yh77808.com
s-immotanger.com
runzexd.com
meteoannecy.net
joomlas123.info
Targets
-
-
Target
specification quote.exe
-
Size
810KB
-
MD5
299c603f94babfbb8c3603dd391cec98
-
SHA1
eb9c84751d0e0421ee3ec284a2756885f75c8586
-
SHA256
65463a82bb20ec1f2d53e93c9e51538d55fff2844c746afc36e7a1c43cce36e4
-
SHA512
7c5d3ce7efead015fbafa3eb9578ec79eab4d8661f00d82dc4abc19dc98c7d490625de0118ded95fc39bb6d847c9cbb51ab5860023ff856291c9189d136ffe05
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-