General
Target: dbf35f616352c0c9af4ed99d7400e21652220a70852bd47d02274a8ba36fac79
Size: 230KB
Sample: 220521-ny66taheaj
MD5: 6ca77528ffd5d678376d1ccc6c4ba7ba
SHA1: 10cfaa50c55778aba58835cfe36b18489af4a829
SHA256: dbf35f616352c0c9af4ed99d7400e21652220a70852bd47d02274a8ba36fac79
SHA512: ea727df65322dcb5e4f4cd1e3df035aadc554480465c97ad1d17ee8a839876f6d59db8d1c8fa5fac2663bbb0986787abfe52f77373f6a94d1553a169020fa6aa
Static task: static1
Behavioral task: behavioral1
  Sample: Details .exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Details .exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: 2f8m
Domains (Formbook configs carry the live C2 alongside a list of decoy domains; the report does not mark which entry is live, so treat every entry below as a candidate indicator rather than confirmed C2):
blockchain-cn.com
misujiaju.com
fitzdrip.com
allamericanbiofuels.com
xppjjj.site
0e0fourwhen.men
overwatchtournaments.com
abbeygreenapparel.com
furnishedflats.net
accuitouch.com
luxuriousalmonds.com
craigdentistry.com
evilunderworld.com
lrat.ltd
invisibleversion.download
redroofgrandjunction.com
f8zghxjb.com
dramatic-ally.com
jjmackeypr.com
mumbaichatka.com
gallerygrand.com
bjlrfs.com
giadinhbio.com
beeclearer.com
bojny.net
jfh-hotel.com
dayilaila.net
viralcrews.com
hedgefundmarketer.com
voidlord.net
fswkk.com
bgdnj.info
jacobcook.net
bnbconfidential.com
floting.com
herovisit.com
remotesensingsolutions.net
igo.support
mathertonfalls.com
35264v.info
abogadosadomicilio.com
com-verf-acc-41134.net
wholesaleshoesonline.com
teamhope.online
muenchen-medical-academy.com
molliepayments.com
firstclassvalettx.com
credit-card-payment.online
sunshineboutique-ks.com
arenadoaz.com
certifeo.com
theorganizedu.com
teenxxxasia.com
ukchair.com
organiseasurpriseparty.com
tonedwithshiva.com
haocatlitter.com
benleix.com
distant.ltd
axcwd.com
perutotravel.com
drlee.today
izmirakinevdeneve.com
floyspoetry.com
masionlex.info
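The domain list above is only useful once it is turned into something that runs against telemetry. The following is an added example, not part of the sandbox report or of any Triage tooling: it takes a handful of the domains from the extracted config (the full list is above), matches them against constructed DNS log lines, and emits one Suricata DNS-query rule per domain. The log lines, client IPs and SID range are invented. Because the config mixes decoys with the live C2, a DNS hit means "a host resolved a domain from this sample's config", not confirmed check-in traffic; the ET FormBook CnC Checkin signature, which fires on the HTTP GET itself, is the stronger signal to pair it with.

```python
"""Turn the Formbook 4.1 / 2f8m domain list into DNS-log matches and Suricata rules.

Added example, not code from the sandbox report. Domains are a subset of the
extracted config; log lines, IPs and SIDs are constructed.
"""
import re

# Subset of the domains from the extracted config on this page.
CONFIG_DOMAINS = [
    "blockchain-cn.com",
    "com-verf-acc-41134.net",
    "credit-card-payment.online",
    "invisibleversion.download",
    "lrat.ltd",
    "xppjjj.site",
]

# Constructed DNS query log: timestamp, client IP, queried name. Not real data.
SAMPLE_DNS_LOG = """\
2022-05-21T10:01:03Z 10.0.0.15 www.microsoft.com
2022-05-21T10:01:09Z 10.0.0.15 www.blockchain-cn.com
2022-05-21T10:01:11Z 10.0.0.22 notlrat.ltd
2022-05-21T10:02:40Z 10.0.0.22 com-verf-acc-41134.net
2022-05-21T10:03:02Z 10.0.0.15 xppjjj.site.
"""


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot so 'xppjjj.site.' matches 'xppjjj.site'."""
    return name.strip().lower().rstrip(".")


def matches_config(query: str, domains=CONFIG_DOMAINS):
    """Return the config domain that `query` equals or is a subdomain of, else None.

    Testing endswith('.' + d) instead of endswith(d) keeps 'notlrat.ltd'
    from matching 'lrat.ltd'.
    """
    q = normalize(query)
    for d in domains:
        d = normalize(d)
        if q == d or q.endswith("." + d):
            return d
    return None


def scan_dns_log(log_text: str, domains=CONFIG_DOMAINS):
    """Return (timestamp, client, query, matched_domain) for every hit in the log."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of aborting the hunt
        ts, client, query = parts
        matched = matches_config(query, domains)
        if matched:
            hits.append((ts, client, normalize(query), matched))
    return hits


def build_suricata_rules(domains=CONFIG_DOMAINS, base_sid=9000000):
    """One Suricata rule per domain on the dns.query buffer.

    The content match is the fast prefilter; the pcre enforces a label
    boundary so 'notlrat.ltd' does not trigger the 'lrat.ltd' rule.
    SIDs from base_sid upward are an assumed local range.
    """
    rules = []
    for i, d in enumerate(sorted({normalize(x) for x in domains})):
        pattern = r"/(^|\.)" + re.escape(d) + r"$/i"
        rules.append(
            f'alert dns any any -> any any (msg:"Formbook 2f8m config domain {d}"; '
            f'dns.query; content:"{d}"; nocase; endswith; pcre:"{pattern}"; '
            f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("HIT", *hit)
    print("\n".join(build_suricata_rules()))
```

Run it to see three hits (the Microsoft query and the look-alike notlrat.ltd are correctly ignored) and six rules ready to drop into a local rules file.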
Targets
Target: Details .exe
Size: 262KB
MD5: 51394114dc03bd1d43c334d68b2fe541
SHA1: 9b5b41e1302a8182b7815c5bafa228ac20e74f51
SHA256: 7db92553a32ee324311207e9a94d3112d8b2030ea67bea4b2527b71c37701cac
SHA512: 5fad65207982664a2e0f98a01678194f860c3a832ebdf253242bb23444b634aa4ae68e7771d634cf39ef73a922755a98e3e9eb84b8498a22a05e06b679ca4d37
Note: this target's size and hashes differ from the sample in the General section (230KB, SHA256 dbf35f61...), so the two entries describe distinct files; use the hash of the file you actually hold when pivoting.
Network signature:
suricata: ET MALWARE FormBook CnC Checkin (GET) (listed twice in the report)
Behavioral signatures:
Formbook Payload
Adds policy Run key to start application (persistence through a value written under a Policies\Explorer\Run registry key, which Explorer runs at logon)
Deletes itself (the executable removes its own file after launch, a common anti-forensics step)
Suspicious use of SetThreadContext (rewriting another thread's context, as used for process hollowing and similar injection)
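Two of the behavioral signatures above map cleanly onto host telemetry, and the following added example shows how to hunt for them. It is not part of the sandbox report or of any Triage or Sysmon tooling. It runs over constructed events in Sysmon's field vocabulary (RegistryEvent ID 13 for value writes, FileDelete IDs 23 and 26, ProcessCreate ID 1) and flags a value written under Policies\Explorer\Run (what "Adds policy Run key to start application" refers to) and a process whose own executable is deleted after it started ("Deletes itself"). Every path, process name, GUID and PID is invented; the user-writable-location rule is a heuristic, not a Sysmon feature.

```python
"""Hunt for the policy Run key persistence and self-deletion behaviours.

Added example, not code from the sandbox report. Events are constructed
dicts in Sysmon's field vocabulary; paths, GUIDs and PIDs are invented.
"""
import re

# Triage's "Adds policy Run key" signature refers to this key path.
POLICY_RUN_RE = re.compile(r"\\CurrentVersion\\Policies\\Explorer\\Run\\", re.IGNORECASE)
# Heuristic: autostart targets in user-writable locations deserve a higher severity.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Public|Downloads)\\", re.IGNORECASE)

# Constructed events, in log order. Not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A}", "ProcessId": 4120,
     "Image": r"C:\Users\u\AppData\Local\Temp\Details.exe"},
    {"EventID": 13, "ProcessGuid": "{A}", "EventType": "SetValue",
     "Image": r"C:\Users\u\AppData\Local\Temp\Details.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Updater",
     "Details": r"C:\Users\u\AppData\Roaming\Updater\svc.exe"},
    {"EventID": 13, "ProcessGuid": "{B}", "EventType": "SetValue",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vendor",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
    {"EventID": 26, "ProcessGuid": "{C}",
     "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Temp\Details.exe"},
]


def policy_run_hits(events):
    """Registry value writes (ID 13) under a Policies\\Explorer\\Run key.

    The ordinary ...\\CurrentVersion\\Run key is deliberately not matched here,
    so the msiexec event above is ignored; it is a separate, noisier hunt.
    """
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        if not POLICY_RUN_RE.search(ev.get("TargetObject", "")):
            continue
        target = ev.get("Details", "")
        hits.append({
            "image": ev.get("Image", ""),
            "key": ev["TargetObject"],
            "autostart": target,
            "severity": "high" if USER_WRITABLE_RE.search(target) else "medium",
        })
    return hits


def self_delete_hits(events):
    """Processes (ID 1) whose Image is the TargetFilename of a later FileDelete (ID 23/26).

    The start table is filled as the log is walked, so only deletes that come
    after the process start count; who deleted it is kept, since Formbook
    style self-deletion is commonly done through a helper process.
    """
    started = {}
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1 and ev.get("Image"):
            started[ev["Image"].lower()] = ev
        elif eid in (23, 26):
            path = ev.get("TargetFilename", "").lower()
            if path in started:
                hits.append({
                    "deleted": ev["TargetFilename"],
                    "deleted_by": ev.get("Image", ""),
                    "pid": started[path].get("ProcessId"),
                })
    return hits


if __name__ == "__main__":
    for h in policy_run_hits(SAMPLE_EVENTS):
        print("PERSISTENCE", h["severity"], h["image"], "->", h["autostart"])
    for h in self_delete_hits(SAMPLE_EVENTS):
        print("SELF-DELETE", h["deleted"], "removed by", h["deleted_by"], "pid", h["pid"])
```

On the constructed events this reports one high-severity persistence hit (the autostart target lives under AppData) and one self-deletion; the msiexec write to the plain Run key is left alone because it is not the behaviour the signature names.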