General
Target: f7ecfaeac5396a71dfb3d37217125df96e854c2920da7d474184145445f13896
Size: 1.2MB
Sample: 220521-pradyafha6
MD5: fd26a83ec3b8bee5f6bb778b98a47629
SHA1: ab83ea20dc54304d755cfd874510129ccbeb0bae
SHA256: f7ecfaeac5396a71dfb3d37217125df96e854c2920da7d474184145445f13896
SHA512: 6748835104acdf26001bfc4b2ea34345070781c5cc770eb3f8f84f07ffd33f40c6610d0ddb4d7224e1e8150c608f80418450300a260d490ca2842286dd8a5147
Static task: static1
Behavioral task: behavioral1
Sample: BANK_STA.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: BANK_STA.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted family: formbook
Version: 3.9
Campaign: hsk
Targets
Target: BANK_STA.EXE
Size: 339KB
MD5: c9b0c4cb22b9f6ca2ba4e65a6ddd3f85
SHA1: 1db3cc412c6785f5380dc3dd62d8532b6e306ef6
SHA256: 2fdf0daf15395bf89c3baab2efff427dd7026ba306bb5c77c5f5598f5c6eb30f
SHA512: 28e7992983db2edea83b57af7e3c1848ccc46ef71db3cf1ba250eba3199cea219df2899090b175f944d7315b949fbe1e876a02690bdf607aba1788a8e9f65f74
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds policy Run key to start application
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext