General
Target: f5724fd0f22c33f2e9e1158976c6db54b02ba90774ee26eb5e423d5a816bea3c
Size: 315KB
Sample: 220521-pdtknaacfn
MD5: 5ec3febf93b49ff95b8c96f65da8a468
SHA1: 094b980b64cf66da7a02e5e978cb773ea429013a
SHA256: f5724fd0f22c33f2e9e1158976c6db54b02ba90774ee26eb5e423d5a816bea3c
SHA512: b83a76844bdcce897893eca3c87e6652e5937ee25467f96b77e889d914a679ff1f4553309320b28ab81e1dc60d2a1e984c211b12feb7ca65b8fb0b135eaf34de
Static task: static1
Behavioral task: behavioral1
Sample: IMAGES-001-QUOTE REQUEST #21800176_354667485903 _09_07_2020PDF.exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook
Version: 4.1
Campaign: gmc
Targets
Target: IMAGES-001-QUOTE REQUEST #21800176_354667485903 _09_07_2020PDF.exe
Size: 504KB
MD5: c1b13db471da675d9887133f6de51d4d
SHA1: ee4185e2232581c17e45b5598a07a99f49887364
SHA256: 8ea404b56d3341cbcc42c2f9b99c6cf8aa457d94b5319e19bee72859be9b1c32
SHA512: 40076fb9f71a1c96be4883cc595a7cbee3da9701ad2633d20a31d125a19382ad14b43de18ff17eac96d211e2885137d61ee34065739c6b5967592a91c8050a65
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Adds Run key to start application
Suspicious use of SetThreadContext