General
-
Target
4d58860b5ec12cfdf4e20a5aad49b6c607e5f6a19f0a9b6514a2f081d0cbce42
-
Size
948KB
-
Sample
220521-pe4r1saddp
-
MD5
642fdd4f91b76481b577dc03aba6150f
-
SHA1
47e4c592a69a8ed9bb57ab3db8391570db695ede
-
SHA256
4d58860b5ec12cfdf4e20a5aad49b6c607e5f6a19f0a9b6514a2f081d0cbce42
-
SHA512
9db522127c60278571fc8b43ff48e507a4714b5466dc187bf0c8dd406079df3f6593465eea46a646101dd05c0548c3634509f73684194bd6aba57d2aeb4c7f25
Static task
static1
Behavioral task
behavioral1
Sample
quote108.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
vcd
lacittauniversitaria.com
godsdigger.info
stxfwj.com
sing-uk.com
crazyedu.com
sunchermical.com
cocaparis2024.com
ahazm.com
li021.com
bizzspire.com
jb-o8y.com
ssconlineadmitcard.com
merkled.net
nesaraconstruction.com
viba.ltd
rasshoferconsulting.com
slingersdlbrbhjs.download
higgins-plastering.com
prostickusa.com
szryyl.com
crfmail.com
758elpintadord.com
things4dogs.com
skyhub.solutions
casavillaesperanza.com
xulynuocthainhiemdau.com
danarebecca.net
tongren119.com
k-908.com
zedbloggeronline.com
loqiri.com
fhjej.info
weihuimao.com
biokinemetrics.info
thevistatoledo.com
b2btechemail.com
duhe.ltd
artgarfunkelbooks.com
lessentielstudio.com
sdoubote.com
perfectdiveform.com
hanguoxuebingguanwang.com
readlies.com
xn--fiqa07aw9y6mlc3hiqb4w5k.net
sabkimaggi.com
keyways-lnt.com
xn--snapcht-bxa.com
whatsthebestfrench.com
saddamakhtar.net
tpscrtcnsltng.com
ysiemprendes.com
abcconcours.info
lienvision.com
97ping.com
canthihocduong.info
shjdfc.com
yinghuatianyi.com
fincasyvecinos.com
thefoodieboo.com
leafworkdna.com
ads-strong.com
juhao.site
thsavingsbankohio.com
matthewjgardner.com
godhep.com
Targets
-
-
Target
quote108.exe
-
Size
1.3MB
-
MD5
da64fb838cf3e807f83bedc61659574a
-
SHA1
dace8b92ed4181ea1959aa42edb94d11e71fe47a
-
SHA256
f17cee91692c671592aa451fea1c86090f9ff613dfad84a5e7f17c18fe939e1e
-
SHA512
d73e152e30b2b64fd25de87cee3f8baa4df42f19c2a71b6c51e21a9d4c95e2b4e8cbb119b7921702e1b0746bf88cfdfbe79b24c87913d0815562677afb3d2aeb
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-