General

Target: 022b6cac20df5a22b26fb3f4f954117589b2a34cf0cd0b0fcc7fc74f742d4ae2
Size: 256KB
Sample: 220521-pp6z5abaam
MD5: cdaeca77bfa3e8ab43f8b8505d0f19c5
SHA1: 0d7773f8f7fee4eafb15c66399beb605beae166c
SHA256: 022b6cac20df5a22b26fb3f4f954117589b2a34cf0cd0b0fcc7fc74f742d4ae2
SHA512: 68c0b5ce80a0b83a91fcf376bda3811612eb95934efd594a99110e3e5c71e62dd13babd40367be99a050725e461f56ed84142f072921d9dd459c5e6cbfca5eb2

Static task: static1
Behavioral task: behavioral1 (Sample: PO66535.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: PO66535.exe, Resource: win10v2004-20220414-en)
Malware Config

Extracted: formbook
Version: 4.1
Campaign: q5e
C2 domains:
2177.ltd
thanxiety.com
max-width.com
fixti.net
mostmaj.com
mobilteknolojiuzmani.com
historyannals.com
wheelchairmotion.com
mossandmoonstonestudio.com
kastellifournis.com
axokey.net
peekl.com
metsteeshirt.com
abcfinancial-inc.com
btxrsp.com
amydh.com
ccoauthority.com
lumacorretora.com
kimfelixrealtor.com
iconext.biz
giftstgg.com
imonsanto.com
invoicefor.com
qfhxlw.com
wsykyy.com
gladius.network
peliculaslatino.online
timookflour.com
gxkuangjian.com
utvklj.men
rabota-v-avon.online
sheashealingway.com
thoitrangaoda.com
rytechweb.com
circuit69.com
crowd-design.biz
carosiandrhee.com
778d88.com
calvinkl.com
cjkit.com
jgkwhgxe.com
sanitascuadromedico.com
mellorangello.com
whiteinnocence.com
medtechdesignstudio.net
nurturingskin.com
guardyourweb.net
juw2017.com
jnheroes.com
damicosoftwaresystems.com
gesband.com
onwardsandupwards.info
gopropackaging.com
centerforaunts.com
sarrahshewdesign.com
intelligentcoach.net
iasisf.agency
products-news.com
calvinspring.com
100zan.site
9mahina.com
saleaustralianboots.com
floatinginfotech.com
calcinoneweek.com
yofdyk.com
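The extracted config is the actionable part of this report. The following is an added example (my code, not the sandbox's or the report's) that embeds the domain list above, matches it against a constructed resolver log with exact-or-subdomain semantics, and emits one Suricata DNS rule per domain. The log line format, the client addresses and the sid range are assumptions. Two caveats when acting on the list: Formbook configs carry many decoy domains alongside the real controller, so a lookup of one of these names is a strong alert but not by itself proof of which host was the live C2; and any of these domains may have been sinkholed or reassigned since the analysis, so refresh before blocking.

```python
"""Added example, not part of the sandbox report: turn the extracted
Formbook 4.1 / q5e config into detection artifacts and run them over a
constructed DNS log.  The log format, client addresses and sid range are
assumptions for illustration."""
import re

# IOCs copied from the report above.
FORMBOOK_VERSION = "4.1"
FORMBOOK_CAMPAIGN = "q5e"
C2_DOMAINS = """
2177.ltd thanxiety.com max-width.com fixti.net mostmaj.com mobilteknolojiuzmani.com historyannals.com wheelchairmotion.com
mossandmoonstonestudio.com kastellifournis.com axokey.net peekl.com metsteeshirt.com abcfinancial-inc.com btxrsp.com amydh.com
ccoauthority.com lumacorretora.com kimfelixrealtor.com iconext.biz giftstgg.com imonsanto.com invoicefor.com qfhxlw.com
wsykyy.com gladius.network peliculaslatino.online timookflour.com gxkuangjian.com utvklj.men rabota-v-avon.online sheashealingway.com
thoitrangaoda.com rytechweb.com circuit69.com crowd-design.biz carosiandrhee.com 778d88.com calvinkl.com cjkit.com
jgkwhgxe.com sanitascuadromedico.com mellorangello.com whiteinnocence.com medtechdesignstudio.net nurturingskin.com guardyourweb.net juw2017.com
jnheroes.com damicosoftwaresystems.com gesband.com onwardsandupwards.info gopropackaging.com centerforaunts.com sarrahshewdesign.com intelligentcoach.net
iasisf.agency products-news.com calvinspring.com 100zan.site 9mahina.com saleaustralianboots.com floatinginfotech.com calcinoneweek.com
yofdyk.com
""".split()

# Lookup table for exact-or-subdomain matching: "www.2177.ltd" matches,
# "x2177.ltd" does not (a plain suffix test would wrongly accept the latter).
_DOMAIN_SET = {d.lower() for d in C2_DOMAINS}


def matching_c2_domain(qname):
    """Return the config domain that qname equals or is a subdomain of, else None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):          # keep at least two labels
        candidate = ".".join(labels[i:])
        if candidate in _DOMAIN_SET:
            return candidate
    return None


# Constructed resolver log (hypothetical format: timestamp, client, query, type).
SAMPLE_DNS_LOG = """\
2022-05-21T13:02:11Z client=10.0.0.17 query=www.2177.ltd type=A
2022-05-21T13:02:12Z client=10.0.0.17 query=notpeekl.com type=A
2022-05-21T13:02:14Z client=10.0.0.17 query=PEEKL.COM. type=A
2022-05-21T13:02:20Z client=10.0.0.44 query=update.microsoft.com type=A
"""
_LOG_RE = re.compile(r"^(\S+) client=(\S+) query=(\S+) type=(\S+)$")


def match_dns_log(log_text):
    """Return one hit dict per log line whose query is a config domain or a subdomain of one."""
    hits = []
    for line in log_text.splitlines():
        m = _LOG_RE.match(line)
        if not m:
            continue                            # skip malformed lines instead of crashing
        ts, client, qname, _qtype = m.groups()
        domain = matching_c2_domain(qname)
        if domain:
            hits.append({"time": ts, "client": client, "query": qname, "domain": domain})
    return hits


def suricata_dns_rules(domains, sid_start=9000000):
    """Emit one Suricata DNS rule per domain.  The sid range is an assumption:
    use whatever range you reserve for local rules."""
    rules = []
    for n, d in enumerate(domains):
        rules.append(
            "alert dns $HOME_NET any -> any any "
            f'(msg:"LOCAL Formbook {FORMBOOK_CAMPAIGN} C2 domain lookup {d}"; '
            f'dns.query; content:"{d}"; nocase; endswith; '
            f"classtype:trojan-activity; sid:{sid_start + n}; rev:1;)")
    return rules


if __name__ == "__main__":
    for hit in match_dns_log(SAMPLE_DNS_LOG):
        print(hit)
    print("\n".join(suricata_dns_rules(C2_DOMAINS[:3])))
```

The Python matcher is stricter than the emitted rules: `endswith` on the `dns.query` buffer will also fire on a name such as `x2177.ltd`, which is acceptable for an alert rule but worth knowing when you triage hits.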
Targets

Target: PO66535.exe
Size: 305KB
MD5: a33117822e49edf3dcef2e4cebc88dee
SHA1: e6fff97e4976ee885bed6e410d9791e1ddd09068
SHA256: ed4c5975dd2434b8e58a71a521021e8fbde3540c76a2518f627571311ad4e4df
SHA512: b5947a7ee1161510b62518770ed53dbc2a9b3fd82441eebbb30ef4d8969cffa7ae192e9b27d93ead0c13a7a49a9b57223f933f66ab8fc90bfd4a424fd144a425

suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Adds policy Run key to start application
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
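The behavioural signatures above can be reproduced outside the sandbox from endpoint telemetry. The following is an added example (my code, not the sandbox's or the report's): a small correlation over constructed Sysmon-style events (IDs 1, 7, 11 and 13) that implements "Adds policy Run key", "Executes dropped EXE" and "Loads dropped DLL". The registry path is the well-known `Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run` location that this signature refers to; the report itself names only the signature. "Suspicious use of SetThreadContext" is an API-level observation (the thread-context rewrite used in process hollowing) that Sysmon does not record, so it is not reproduced here. Paths, pids and SIDs in the events are constructed.

```python
"""Added example, not part of the sandbox report: three of the behavioural
signatures above as correlation logic over Sysmon-style events.  Event
shapes follow Sysmon IDs (1 process create, 7 image loaded, 11 file create,
13 registry value set); the events themselves are constructed."""
import re

# The "policy Run key" persistence location (well-known path; the report only
# names the signature).  Matches HKCU/HKU and HKLM hives alike.
POLICY_RUN_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\",
    re.IGNORECASE,
)

# Constructed events, in the order the sandbox would see them.
EVENTS = [
    {"id": 11, "pid": 1234, "image": r"C:\Users\victim\Downloads\PO66535.exe",
     "target": r"C:\Users\victim\AppData\Local\Temp\loader.dll"},
    {"id": 11, "pid": 1234, "image": r"C:\Users\victim\Downloads\PO66535.exe",
     "target": r"C:\Users\victim\AppData\Roaming\svc\svc.exe"},
    {"id": 7, "pid": 1234, "image": r"C:\Users\victim\Downloads\PO66535.exe",
     "loaded": r"C:\Users\victim\AppData\Local\Temp\loader.dll"},
    {"id": 1, "pid": 2222, "parent_pid": 1234,
     "image": r"C:\Users\victim\AppData\Roaming\svc\svc.exe"},
    {"id": 13, "pid": 2222, "image": r"C:\Users\victim\AppData\Roaming\svc\svc.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svc",
     "details": r"C:\Users\victim\AppData\Roaming\svc\svc.exe"},
    # Benign: an ordinary Run key, not the Policies one, must not fire.
    {"id": 13, "pid": 3333, "image": r"C:\Windows\explorer.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    # Benign: a system DLL that was never written during the trace.
    {"id": 7, "pid": 2222, "image": r"C:\Users\victim\AppData\Roaming\svc\svc.exe",
     "loaded": r"C:\Windows\System32\kernel32.dll"},
]


def correlate(events):
    """Walk events in order and return the signature hits.

    "Dropped" means written by a monitored process earlier in the trace, so a
    file create must precede the execution or load that references it."""
    dropped = set()
    hits = {"policy_run_key": [], "executes_dropped_exe": [], "loads_dropped_dll": []}
    for e in events:
        if e["id"] == 11:
            dropped.add(e["target"].lower())
        elif e["id"] == 1 and e["image"].lower() in dropped:
            hits["executes_dropped_exe"].append(e)
        elif e["id"] == 7 and e["loaded"].lower() in dropped:
            hits["loads_dropped_dll"].append(e)
        elif e["id"] == 13 and POLICY_RUN_RE.search(e["target"]):
            hits["policy_run_key"].append(e)
    return hits


if __name__ == "__main__":
    for name, matched in correlate(EVENTS).items():
        print(name, [(e["pid"], e.get("target") or e.get("image") or e.get("loaded"))
                     for e in matched])
```

The ordering rule matters in practice: a process-create event for a path that is only written later is a different (and usually benign) situation, and a load of a pre-existing system DLL must not count as a dropped-DLL load.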