General
-
Target
bc5af6d6aa8b703a81fe8ba15788bf4de8bc9f5c69d300eb15559df8960b3232
-
Size
502KB
-
Sample
220521-xev4waehdk
-
MD5
7101fce5a4db622570268cdb05a1fc42
-
SHA1
c6b7526738e5ac5068f8e070e8336cb4c1960ceb
-
SHA256
bc5af6d6aa8b703a81fe8ba15788bf4de8bc9f5c69d300eb15559df8960b3232
-
SHA512
9b7fa9b2aaf112d702cc65ab08c13f7b6815a4429d32b84c72efd8f773e96c55ab4d7372e80d343a7f2b5480baddb09cabd811135b2436cb2e44521e8793779a
Static task
static1
Behavioral task
behavioral1
Sample
Attached is list of our purchase order.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
3nop
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
capricorn1967.com
meucarrapicho.com
41230793.net
yoghurtberry.com
wv0uoagz0yr.biz
yfjbupes.com
mindfulinthemadness.com
deloslifesciences.com
adokristal.com
vandergardetuinmeubelshop.com
janewagtus.com
cloudmorning.com
foresteryt01.com
accident-law-yer.info
divorcerefinance.guru
wenxiban.com
589man.com
rockerdwe.com
duftkerzen.info
igametalent.com
yoursafetraffictoupdates.review
jialingjiangpubu.com
maximscrapbooking.com
20sf.info
shadowlandswitchery.com
pmbnc.info
shoppingdrift.online
potashdragon.com
ubkswmpes.com
064ewj.info
rewsales.com
dealsforyou.tech
ziruixu.com
naehascloud.com
smokvape.faith
sunflowermoonstudio.com
stepgentertainment.com
tawbj.info
besthappybuds.net
koohshoping.com
ajikrentcarsurabaya.com
jkjohnsroofingfl.com
whatsnexttnd.com
yoyodvd.com
joomlas123.info
Targets
-
-
Target
Attached is list of our purchase order.exe
-
Size
1018KB
-
MD5
51c0b8ed8fefbc54a2dee932441e60f5
-
SHA1
f1725101ee1c02864a3e829d08d9062d9f05a694
-
SHA256
ab654da16e2c42b2547b884c79f0829214b34e0d1db7ab0ad23271a66f3298c3
-
SHA512
1d596345a1e54f24de8e2b2d086eed00ec822caab7b985abae37df15d300419ef0e0dc81d7154b73c89a2fa74b9fecc4d42f7fb09f56cb0e33e415056baf8804
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-