General
-
Target
2e94e9f9492519257c3ce0897b7e0b526d202e59e325149a4e292756bbe02dec
-
Size
272KB
-
Sample
220521-px9qzsbder
-
MD5
f258f9694b92c3849e492139ac9a98a3
-
SHA1
4251530ef3d77612642d87bc0e96038db886aff8
-
SHA256
2e94e9f9492519257c3ce0897b7e0b526d202e59e325149a4e292756bbe02dec
-
SHA512
dbf7b421656512bb4781b3de4b83ccfe6d3e7c712cefc5df8b55fcfb4927898dec2b479343dca947a1dd4dc5708e32aa7c3eae8ca0719b3effe229c071ea3308
Static task
static1
Behavioral task
behavioral1
Sample
PO10062020.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO10062020.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
formbook
4.1
q5e
2177.ltd
thanxiety.com
max-width.com
fixti.net
mostmaj.com
mobilteknolojiuzmani.com
historyannals.com
wheelchairmotion.com
mossandmoonstonestudio.com
kastellifournis.com
axokey.net
peekl.com
metsteeshirt.com
abcfinancial-inc.com
btxrsp.com
amydh.com
ccoauthority.com
lumacorretora.com
kimfelixrealtor.com
iconext.biz
giftstgg.com
imonsanto.com
invoicefor.com
qfhxlw.com
wsykyy.com
gladius.network
peliculaslatino.online
timookflour.com
gxkuangjian.com
utvklj.men
rabota-v-avon.online
sheashealingway.com
thoitrangaoda.com
rytechweb.com
circuit69.com
crowd-design.biz
carosiandrhee.com
778d88.com
calvinkl.com
cjkit.com
jgkwhgxe.com
sanitascuadromedico.com
mellorangello.com
whiteinnocence.com
medtechdesignstudio.net
nurturingskin.com
guardyourweb.net
juw2017.com
jnheroes.com
damicosoftwaresystems.com
gesband.com
onwardsandupwards.info
gopropackaging.com
centerforaunts.com
sarrahshewdesign.com
intelligentcoach.net
iasisf.agency
products-news.com
calvinspring.com
100zan.site
9mahina.com
saleaustralianboots.com
floatinginfotech.com
calcinoneweek.com
yofdyk.com
Targets
-
-
Target
PO10062020.exe
-
Size
344KB
-
MD5
02cf2e5ec0352d4e5ad016bf6a4c3ec1
-
SHA1
8b45260c7d9df1a0a1240c82ec173d7d2fe39dc3
-
SHA256
5ed8ce65c5a1e4b24a300d02167839e8f060bf38c7c407d4a7d2dc5e0d2c80b9
-
SHA512
3bf2c80200b053529afda0064544056b43d5bae40b1370e78555820cf0b4fe3c8a7361fedeb56b4cca99ebe2aab1d15f063c0c0448784eeef44d918bafbf7fe7
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-