General
- Target: 6674ae975b8079fd9edf1293d718d54070dff7dce7b36812726e3ce7b6ffbba1
- Size: 257KB
- Sample: 220521-nxxkzshddk
- MD5: afbdcb9ec0052ee638733715b0e248ca
- SHA1: e50a189c1249b43c33899f1c9c98a059508666cc
- SHA256: 6674ae975b8079fd9edf1293d718d54070dff7dce7b36812726e3ce7b6ffbba1
- SHA512: 99e0d0c376b30ce1ad5d75e3193a444e41ce58cce885e52e67fbb0aeb51dd39738d1531e05e6f089894699f6a0029591c7f0834da2d2a3075c51a1d1c2171d43
Static task: static1
Behavioral task: behavioral1
- Sample: Shipping Documents and Invoice.exe
- Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
gw8
Targets
- Target: Shipping Documents and Invoice.exe
- Size: 385KB
- MD5: 6dc7c43be83d4b6b2e214e5bc28330b5
- SHA1: 9663d0ca118c935428b19e254ce1c2da03439e32
- SHA256: b49e31db6107c37ac7f40732102d9b574f9bdcafbc227d22122a527e5142e9e4
- SHA512: 1c7961adea4f5006bfe60d89bbeecfad49dd3ae22adedc1230cec36508a1ce5008cef34c4c91a7b0df2a32b9f627f71872e892ccea64909596d02918d66fa187
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds policy Run key to start application
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext