General
Target: 311b93b14784397cf373e4e6a7dfe76df264b4899e734cfc8ef031c004506f86
Size: 255KB
Sample: 220521-px7avsgbf3
MD5: 08f9998951ebdb47b0144fe42b23c17a
SHA1: 890400560438c1ef42c6e99bd18a12164cf0299a
SHA256: 311b93b14784397cf373e4e6a7dfe76df264b4899e734cfc8ef031c004506f86
SHA512: 2ec2945c2ce419b59150905c7d79aa4b58c5ca205b760e054993097368ac5de5463686b88502a21ffa0b55b9b6442385d5d4595e31c15ea8a21b07087a091d03
Static task: static1
Behavioral task: behavioral1
Sample: DHLAWB TRACKING DETAILS..exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook
Version: 3.9
Campaign: eb96
Targets
Target: DHLAWB TRACKING DETAILS..exe
Size: 300KB
MD5: 04b64453c95193d6cebe5b7d00915d75
SHA1: 4ab5e5fd31ab5d071ab09d8543ebe9551f63b2b1
SHA256: 967a6989b7dedfe073c92760bb62a30fa4348109a839d987fe9a0bce6d1d5f2d
SHA512: ad1ab62df00b201d0893a001cc0d789b1b6a8c32a849d69fdc7620f3e2aedca426ba434386fcc513c0cf13eab66a1a0ebc5c146c33d7e2b1699367853414b3c0
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Adds policy Run key to start application
Deletes itself
Adds Run key to start application
Suspicious use of SetThreadContext