General
-
Target
81c89c74bd3c21ddf71d0cf01ec2c104e0ec298e6d2c9430f6bb7ddd8e711d62
-
Size
283KB
-
Sample
220521-pv673sbcer
-
MD5
3b07278f51d5120075a7f5aa240861d3
-
SHA1
cd347db00e02e886fbc676734bea02efaafe9937
-
SHA256
81c89c74bd3c21ddf71d0cf01ec2c104e0ec298e6d2c9430f6bb7ddd8e711d62
-
SHA512
bc8ba07a3917725720df13fd4bef5740f8d521a19b3ed4076bf60d1e4a29fa58ad504d33d26bbf1455038d2ebc1fefaa0204e3c395a6717f00f5d9848f9a4f6e
Static task
static1
Behavioral task
behavioral1
Sample
New Order list.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
3nop
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
capricorn1967.com
meucarrapicho.com
41230793.net
yoghurtberry.com
wv0uoagz0yr.biz
yfjbupes.com
mindfulinthemadness.com
deloslifesciences.com
adokristal.com
vandergardetuinmeubelshop.com
janewagtus.com
cloudmorning.com
foresteryt01.com
accident-law-yer.info
divorcerefinance.guru
wenxiban.com
589man.com
rockerdwe.com
duftkerzen.info
igametalent.com
yoursafetraffictoupdates.review
jialingjiangpubu.com
maximscrapbooking.com
20sf.info
shadowlandswitchery.com
pmbnc.info
shoppingdrift.online
potashdragon.com
ubkswmpes.com
064ewj.info
rewsales.com
dealsforyou.tech
ziruixu.com
naehascloud.com
smokvape.faith
sunflowermoonstudio.com
stepgentertainment.com
tawbj.info
besthappybuds.net
koohshoping.com
ajikrentcarsurabaya.com
jkjohnsroofingfl.com
whatsnexttnd.com
yoyodvd.com
joomlas123.info
Targets
-
-
Target
New Order list.exe
-
Size
368KB
-
MD5
cfc84703691c6640926457cb908b1b48
-
SHA1
8ee0d777616fa968e23bb7ba70962729b2e2295b
-
SHA256
e95f01bbde0fbd70670b820b972768e7fc5f23509495c805ddbc3271030f443c
-
SHA512
51ba82d682cc9923d1d727dbd4dd424f3f2e4ee032948031748ee3bf30afb1228782b790a8611ba60e1c66ae75f7ef167c75af3151b258e8996eadfa7e944717
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-