General
Target: f3d00f6b1e78ee064a9d0284a926a86badb7da7f5a082da8dbe905ae32117f07
Size: 307KB
Sample: 220521-nyg7paecf9
MD5: 17d1269c9c0e60b60c4a25ba53d28270
SHA1: 5c75cbe1f2d184aed038cfb1aa9561a0b8687d5f
SHA256: f3d00f6b1e78ee064a9d0284a926a86badb7da7f5a082da8dbe905ae32117f07
SHA512: 31e0234a780bf9213b284eb47857ba033ed7267b8048fc9f25a64a9a6a7b46dae952eb249f3e871acfa553adf4017f43323808e79f9a05cc5acb4157aef75fd7
Static task: static1
Behavioral task: behavioral1
Sample: SHIPPING DOCUMENT & PL.rar.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: formbook
Version: 3.9
Campaign: c0w
Targets
Target: SHIPPING DOCUMENT & PL.rar.exe
Size: 533KB
MD5: 62d26e6034ee056e4fcbbf1e6470566a
SHA1: 514fd27391c58851624b4700ee486f4dcb1515e6
SHA256: b801afb5529bee671ee0219b95450122f641260b372695c89d7bdc5c2c227b65
SHA512: 257f440d7de732cd7ccd226cb456da981a104c9f04b5d4af344c3d9435649f5da59da8d553e27d900ff1f8abd1e0857572230b872651e89e934429d08cc42dec
suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds policy Run key to start application
- Adds Run key to start application
- Suspicious use of SetThreadContext