General
- Target: b6ca5260fe0d12121268026560ad699cf4f0dadf38b880359a12f283df97fed9
- Size: 283KB
- Sample: 220521-pthhbsgaa8
- MD5: 15a68d0277505a388b3ba0e46d37f500
- SHA1: 146fb815d165b3b0b160a223e8cec45baf8ea30c
- SHA256: b6ca5260fe0d12121268026560ad699cf4f0dadf38b880359a12f283df97fed9
- SHA512: e27816105e5663b08bfed137126e04117fc720a8d1c7ba364b4eefae91de29fbebd35f71006203f0b83ad6cd7f2b9014c329c9207841d64ea16e880b1ebe6d8e
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order List.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
3nop
Targets
- Target: Purchase Order List.exe
- Size: 368KB
- MD5: 962eef4cf460292ecc166f2b2fc98823
- SHA1: c666349ef2d17b180d3121954e658d4df231d9e8
- SHA256: 61ce52bb7cf517275e2bea379104a392630ec8dc216790a910f4586efbdca4fb
- SHA512: 32bc1b69343e11308da5309370e9b97969e4b47bf9c942aae97233b60e2ec6380e0c34a094c3d2260a9d48b1d4d821c8bc89071b10f54eaf27000c0625e715ab
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds policy Run key to start application
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext