General

Target: 2d4b447cd683c9551f780d5da0f8591446a845a8059f630fb792e4c2697401ce
Size: 321KB
Sample: 220521-pab67sehe2
MD5: 31ce3c087864a2ab3b83bce8b3f03a3d
SHA1: 417c48a34113a09f36b7ff67901cd78e2828e885
SHA256: 2d4b447cd683c9551f780d5da0f8591446a845a8059f630fb792e4c2697401ce
SHA512: 194f58813fd240289daaf0a70cee55dc7f6f50eb67fb3126f502eaee2ad8ab68baa8e8693d2956b88546fcc7665f68f62117b7bc90e19b42db6ad276ba925808
Static task: static1

Behavioral task: behavioral1
Sample: quote-THP1403 080620.exe
Resource: win7-20220414-en
Malware Config

Extracted: formbook 4.1 (k859)
Domains:
tealpineapples.com
boatybracelets.com
srurslzmd.download
oregonclimatesmart.com
holistics.net
allsystemsforupgradesnew.review
005554008.com
inteligenciamental.com
valedamente.com
novinsaraf.com
schnyderfor.com
newideait.com
horny-for-art.com
susanmurphree.com
lineage2impact.com
khaoskoordinator.com
baolanhuc.men
equifaxlaw.com
aaronsalvato.com
radioxxesertanejo.com
mypheis.com
goswim.life
sellmypropertyforfastcash.com
qebhw.com
theking4d.com
ghost-dragon.com
dayconkhoahoc123.com
carsindo.info
whdajing.com
sofanamphat.com
townsendindustrialestate.com
bighelptexas.com
stylesbyjeannie.com
ninteract.com
boqixinhai.com
m8iuvser72zlw.life
livingem.com
saywhoyou.com
wintergalen.online
smurflegends.com
rgsends.info
jbxcomunicacao.com
faszinierendeweltderquanten.com
yourstoryheredc.com
vij-me.net
weddingbarbells.com
abundantcopy.com
jingjing6668.com
sanjuanchartering.com
pinckneyboutiques.com
hongkerfa.com
gifted-experiences.com
xn--9i1bt6k.net
acledabnk.com
jyh51888.com
dlhzrv.com
firearmsupplies.com
northerntiny.com
globalwealthaid.com
ifueldrop.com
creamyjustice.com
zk-devops-jenkins.online
feiyuntech.com
granduniontour.com
mansiobok2.info
Targets

Target: quote-THP1403 080620.exe
Size: 456KB
MD5: 04e9512a58cc579f1a304cf851c26953
SHA1: 11abbf143e53cc33fd9f3faaafcd405d1554c3ab
SHA256: c327cc4c54ba20e649ab27c83ea7d5fcf2a596ae3f9feb50b2f5d550bcb71bf8
SHA512: 89bc87c2289b3dc9ed2aef97ce3a44634c60d0f8fb842691fa7c1a2ec6a184fad7ab345d8d5fd673f4e283e6e3774f6d5ee8522abb29e9aba4d2c29f0f80967f

Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Adds Run key to start application
Suspicious use of SetThreadContext