General
-
Target
5dbc56add4738f555a48c4d1e8f9b773421c6881fed842b32c8866943458a17f
-
Size
268KB
-
Sample
220521-pw2zrabchp
-
MD5
a00b302e17a459995db7f6e73335f82e
-
SHA1
bfba7653638188d6e5f988bda3e253ee38baec26
-
SHA256
5dbc56add4738f555a48c4d1e8f9b773421c6881fed842b32c8866943458a17f
-
SHA512
2c50fc5ebde7810e9f64a6d4b14704f75cf34cdd74e633ce2a05696cbb1792f2fd8731cd295d8975105f73f92298587814c03048434d2c8aae78c297b96c624d
Static task
static1
Behavioral task
behavioral1
Sample
Order InQuiry.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
q5e
2177.ltd
thanxiety.com
max-width.com
fixti.net
mostmaj.com
mobilteknolojiuzmani.com
historyannals.com
wheelchairmotion.com
mossandmoonstonestudio.com
kastellifournis.com
axokey.net
peekl.com
metsteeshirt.com
abcfinancial-inc.com
btxrsp.com
amydh.com
ccoauthority.com
lumacorretora.com
kimfelixrealtor.com
iconext.biz
giftstgg.com
imonsanto.com
invoicefor.com
qfhxlw.com
wsykyy.com
gladius.network
peliculaslatino.online
timookflour.com
gxkuangjian.com
utvklj.men
rabota-v-avon.online
sheashealingway.com
thoitrangaoda.com
rytechweb.com
circuit69.com
crowd-design.biz
carosiandrhee.com
778d88.com
calvinkl.com
cjkit.com
jgkwhgxe.com
sanitascuadromedico.com
mellorangello.com
whiteinnocence.com
medtechdesignstudio.net
nurturingskin.com
guardyourweb.net
juw2017.com
jnheroes.com
damicosoftwaresystems.com
gesband.com
onwardsandupwards.info
gopropackaging.com
centerforaunts.com
sarrahshewdesign.com
intelligentcoach.net
iasisf.agency
products-news.com
calvinspring.com
100zan.site
9mahina.com
saleaustralianboots.com
floatinginfotech.com
calcinoneweek.com
yofdyk.com
Targets
-
-
Target
Order InQuiry.exe
-
Size
324KB
-
MD5
cbf04abfe31536e464fb853fd145a6de
-
SHA1
696d354f611589cf631371cdade86277ea5dc224
-
SHA256
e8172cbc3806d750d00a5619e618ffc068b9d8247b5f4da507642e70e32ac3f9
-
SHA512
2162acf2c67f8abdb8602f5acfa6495c028c9ad3bde95c869efa8445c2fea4c083d6bd6122e0061469fff1dcefb6eec420bc6165257a0ef5e19e855a475d78c1
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Adds policy Run key to start application
-
Suspicious use of SetThreadContext
-