General
Target: fc867430c8efb6bfa3c5c95cc1378607a14d740b5597a69b9a05dd278fc542ed
Size: 264KB
Sample: 220521-nybpxaecf6
MD5: 8ad3c1e4cc63bc6f9f41c15781508481
SHA1: 55b5c94ee0cd0b43af44f3beff2eead12d08c4b1
SHA256: fc867430c8efb6bfa3c5c95cc1378607a14d740b5597a69b9a05dd278fc542ed
SHA512: b526f8e72a10727ada7474b9ac7b9f3133aadd26749628716e97aea4b7dcbf817d56b03ae65a52c84b57896ca8d3a6bfccde67f66b7f172b327e5692423bc906
Static task: static1
Behavioral task: behavioral1
Sample: PO C10090.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
q5e
2177.ltd
thanxiety.com
max-width.com
fixti.net
mostmaj.com
mobilteknolojiuzmani.com
historyannals.com
wheelchairmotion.com
mossandmoonstonestudio.com
kastellifournis.com
axokey.net
peekl.com
metsteeshirt.com
abcfinancial-inc.com
btxrsp.com
amydh.com
ccoauthority.com
lumacorretora.com
kimfelixrealtor.com
iconext.biz
giftstgg.com
imonsanto.com
invoicefor.com
qfhxlw.com
wsykyy.com
gladius.network
peliculaslatino.online
timookflour.com
gxkuangjian.com
utvklj.men
rabota-v-avon.online
sheashealingway.com
thoitrangaoda.com
rytechweb.com
circuit69.com
crowd-design.biz
carosiandrhee.com
778d88.com
calvinkl.com
cjkit.com
jgkwhgxe.com
sanitascuadromedico.com
mellorangello.com
whiteinnocence.com
medtechdesignstudio.net
nurturingskin.com
guardyourweb.net
juw2017.com
jnheroes.com
damicosoftwaresystems.com
gesband.com
onwardsandupwards.info
gopropackaging.com
centerforaunts.com
sarrahshewdesign.com
intelligentcoach.net
iasisf.agency
products-news.com
calvinspring.com
100zan.site
9mahina.com
saleaustralianboots.com
floatinginfotech.com
calcinoneweek.com
yofdyk.com
Targets
Target: PO C10090.exe
Size: 309KB
MD5: 52b9520f67483c03673b18e500cdb728
SHA1: c23ebfec4a59e85985dabe251390a195ce3d43ca
SHA256: 65cd6807556189c85811f11fb91a981749e7d9760e5a72c0845dd6b8ff93a8f9
SHA512: 38b4ca1c96f6436a7a884ea949af40a2ef52446a0aaeee27e925b8eb8954ded1fcd0f07337d397f9bb4e69c73ccd019826de9cdb0530fa709db7a988cb658677
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext