General
-
Target
acc4d8e95dd29d9938aa45721d589407dd9e2712e6035d620068709c1bbe600e
-
Size
241KB
-
Sample
220521-xew16sbeg6
-
MD5
45b61bca34efec06eba0469fe2003b55
-
SHA1
a2c05569f3205d6d682ea409293469867489f729
-
SHA256
acc4d8e95dd29d9938aa45721d589407dd9e2712e6035d620068709c1bbe600e
-
SHA512
eda1cafbb7c3497e009feabe99d157b8a392b401ee9a96589e9ea3d375ec5796f81b1a8e092a77750f92f601b15bc84d7df2495b7390f40c3b896a46cd1d1224
Static task
static1
Behavioral task
behavioral1
Sample
products samples.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
n7ak
audereventur.com
huro14.com
wwwjinsha155.com
antiquevendor.com
samuraisoulfood.net
traffic4updates.download
hypersarv.com
rapport-happy-wedding.com
rokutechnosupport.online
allworljob.com
hanaleedossmann.com
kauai-marathon.com
bepbosch.com
kangen-international.com
zoneshopemenowz.com
belviderewrestling.com
ipllink.com
sellingforcreators.com
wwwswty6655.com
qtumboa.com
bazarmoney.net
librosdecienciaficcion.com
shopmomsthebomb.com
vanjacob.com
tgyaa.com
theporncollective.net
hydrabadproperties.com
brindesecologicos.com
sayagayrimenkul.net
4btoken.com
shycedu.com
overall789.top
maison-pierre-bayle.com
elitemediamasters.com
sharmasfabrics.com
hoshamp.com
myultimateleadgenerator.com
office4u.info
thaimart1.com
ultimatewindowusa.com
twoblazesartworks.com
airteloffer.com
shoupaizhao.com
741dakotadr.info
books4arab.net
artedelcioccolato.biz
tjqcu.info
teccoop.net
maturebridesdressguide.com
excelcapfunding.com
bitcoinak.com
profileorderflow.com
unbelievabowboutique.com
midlandshomesolutionsltd.com
healthywithhook.com
stirlingpiper.com
manfast.online
arikorin.com
texastrustedinsurance.com
moodandmystery.com
yh77808.com
s-immotanger.com
runzexd.com
meteoannecy.net
joomlas123.info
Targets
-
-
Target
products samples.exe
-
Size
494KB
-
MD5
e64f048c8c196195443a74e911748666
-
SHA1
42d24e14f852afba26c793bf4063ad80f581452a
-
SHA256
cbb6d89187847aab1fcff6b5d832ea80bca30bfe5520702133cab83335392ead
-
SHA512
0101a9d60cfbf7dbabf5e7c3d119c12bd5774926387fb51606e5715ee80554c8311b5bc2060e4a329199a696799a593b8a7b4af9315c06a009228e3832e56f75
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-