General
- Target: 1746f63fe3b4b47c452d7321cec1abc493000042daf190fc09059451e9290dbb
- Size: 293KB
- Sample: 220521-pbl3ssfaa5
- MD5: 3fc8d9c79e6a2130c4da392b42b64d4b
- SHA1: d9d60c87434186161df08e4b0bd1a1d051f32494
- SHA256: 1746f63fe3b4b47c452d7321cec1abc493000042daf190fc09059451e9290dbb
- SHA512: 677c5fde2c901410a02c33e794cdee8925d4a57e312c43d8dad95c2c9ef7e6b237ee672de3625777cf0dd6738fc067de499e9c70d91e2dd6634357f959b50dc3
Static task
- static1

Behavioral task
- behavioral1
- Sample: RFQ and Purchase Order 060920A..exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: wrez
living-teu.com
buyemerilairfryer360.com
locagames.com
seaworldeg.com
dokushostation.com
nethange.com
lendreview.com
officerdownapparel.info
pandora.store
yuanchuang.kim
kevinimage.win
littleinkings.com
ggluav61.com
fsylkzfkm.download
skansch.reisen
yahunjuij.com
enming.top
wwwha55188.com
russischesvisazentrum.info
document7.com
websiteresources.online
glowwithtabi.com
strongbodyforce.com
viareggiofiori.com
cashmein.net
shopmemorie.com
watchmoviesforfree.click
appsecurityz.com
betwin5888.com
anacakes.net
noberascofruitcrock.com
getchefmate.com
burritobucket.com
www870234.com
thekalpatruradance.com
jypxjgpt.com
maya18.com
yinghuangsiwang.com
huarunzhifu.com
eatmygarden.com
monitoringservice.media
tokamak.systems
oldtestamentbiblestudy.com
dailypath.net
canttouchdis.com
dl0722lq.biz
napplyless.com
masa-yoga.net
entorto.com
becgetsfit.com
entrepreneurgear.net
freetrafficupdatingall.download
transdiesellubrificantes.com
progettando.net
manbet844.com
flowersfoodandfootsteps.com
swc.ink
esta-service.com
atakoymarinaparkresidence99.com
dtechexperts.com
trivialmindofamadwoman.com
iorequeste.com
bumeruwo68.win
peoplespiritcountry.com
regulars6.info
Targets
- Target: RFQ and Purchase Order 060920A..exe
- Size: 378KB
- MD5: 7f97fe13229e97475a0454942646a562
- SHA1: d0c150fc54a75e97a1bd54833a826b6bc294c177
- SHA256: b84f164b86250eaee07153f4665af8826f0e934ba80e505ae37ead324f53b971
- SHA512: 870912c5988a4547720393518b3721386bc60724d70bbfc2445ca098475171f332c4b092993d6bea980bd76c2d22bae6b5501555736278469b0936e94ed442b3

Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext