General
Target: 26611debaf84aea2efe01015af34f931d14c8567b0fc5b82f02b876ce8848ff8
Size: 328KB
Sample: 220521-pan6rsehe7
MD5: 6d0feda75bd0e5d0d8c6064ef830c01a
SHA1: 6d6654e843e0973e457347635ef3bc3b765eef69
SHA256: 26611debaf84aea2efe01015af34f931d14c8567b0fc5b82f02b876ce8848ff8
SHA512: a58f44dcf90d48f1eb0fa7d43b165570823b58b7a8aef1368c409a13ca4b6ebb35db851452417ddffd265061002888827f87b1d087125cd1ce690786a2060b96
Static task: static1
Behavioral task: behavioral1
Sample: swift.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
wrez
Targets
Target: swift.exe
Size: 465KB
MD5: 6e781b726c45d693c88ae0bdf8e6337b
SHA1: b6d84ea7f7308ef4242f27ef9911b932742c72ce
SHA256: 1d1c9ee0b1adaa5a121fd70d332785395ad22538f9cdc7db44414c1604e28919
SHA512: 53c3e789645d699dead786aac370fc2453fed76d397eef12027549ccb4b309170ad71e13fe2a1ccae7cbb592e9bc8e5e0cb073cf517b43aa545a8b1ff6c1598a
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext