General

Target: 266578a915ac153e5cc8f553b1a0d31fcaf763a30a1fd94d55854d46aa9fe10c
Size: 253KB
Sample: 220521-pnhadafff5
MD5: 4163119052ec0ac95fac54f37c1facb7
SHA1: 03fc797841091c14625210ee0dbf17f026049526
SHA256: 266578a915ac153e5cc8f553b1a0d31fcaf763a30a1fd94d55854d46aa9fe10c
SHA512: 58bedfc6859402c5532a3017c6dbdb6a7be8dbf778e2c31f05419e16dbb977ba00778c15cface4aea89de94c2d36c281f05d2c611d826422431a746f2794d29a
Static task: static1
Behavioral task: behavioral1
Sample: Payment Advice Ref SCB100736792577.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.0
jac0
chatbot-consulting.com
alynt.info
saudiarabianwomenjobs.biz
kingtour.info
poshlacore.com
hypnosetherapist.com
tampahurricanrelief.com
qqgan16.com
tag-designco.com
viaeviastaff.com
unhosting.today
apple-request.info
whitesauce.net
627evq.info
mygolfingwarehouse.com
materiaprojects.com
rj-ipt.net
cordences.com
invescoapconference.com
supplementcult.com
flfsd.net
rasa36.com
nicorise.com
xdomainz.com
onlinemoneyguru.com
playupmusic-mail.com
zpdqd.com
convertproof.net
disasterreadyclub.com
1t1threeout.men
prestijoto.net
mining-tec.com
kleinpelteam.com
bbslsj.info
krebsoottthrobseousfleis.win
homeinandalucia.com
gillespievideocreations.com
zbktw.com
blogs-caraibcreolenews.com
huitiemeciel.com
rodrigodahora.com
salon-lewalo.com
webstudio20.com
realtheproducer.com
sistereasyweed.com
belendeazcarate.com
computerrepairtacoma.com
cbrenp-crosspoint2030.com
krystaeducatrice.online
gastro-va.com
1t1sixtake.men
birimmarble.com
springfieldrise.community
hachette-service.com
fbhlpsn.com
hotmessanglerapparel.com
stephenwinterphoto.com
xn--fhq334dxx9a.net
acctedu.com
huafeng.biz
united-transfer.com
toppayingsites.info
sc2zhibo.com
repsolenergyinc.com
regulars5.com
Targets

Target: Payment Advice Ref SCB100736792577.bat
Size: 267KB
MD5: 22ca964538e0d241d32f43dd21339a71
SHA1: 554da18303b6f1effcd638c037a1a77181ea2fd8
SHA256: f6557b3412ca78e87ff38632aaf24732b74da646678fd6ea5f01134bb498fd14
SHA512: 85924e1b21580b4f18f70ffd165e50e6b82e1746a7a5bb17762384df796137f39d0bb14773be9650da693e2ac5f1f3e3ac5df10c1558ac9243fd34116d521f87
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds policy Run key to start application
- Deletes itself
- Suspicious use of SetThreadContext