General
Target: c910b0c026aced55235b98818dce27b57f6a5d55fdc93efa234e9b0aae4eb6fb
Size: 544KB
Sample: 220521-xjjawabha6
MD5: 71764b88119a999d58f295d0a778173d
SHA1: ba0fcc3e05d1843b1f886d6037c39f37ba0a0101
SHA256: c910b0c026aced55235b98818dce27b57f6a5d55fdc93efa234e9b0aae4eb6fb
SHA512: 322c3c9bfa77ef5739ccacafdbe44e2f964a8b6d60fde4a0add19b7770396126c421ecbc1e33e92e55daa588391ccaba929f0709b1f397700776cfc675202117

Static task: static1
Behavioral task: behavioral1
Sample: RFQ_august.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
emh
sweetmiya.com
zsyzm.com
carpediem.immo
sparkconfections.com
oliverezechi.net
wearephoenixtraining.com
artistxpressions.com
kesfetmeninkeyfi.com
kasvomaskitnetista.com
mertzlife.com
vcbuild.world
mwessentialcleaningservice.com
fairresale.com
dermot.online
impentri.com
bestsanitizingservice.com
210wscottstj.info
camilafinale.com
pepperhaul.com
centrobiblicomoradasanta.com
brittanyfarmer.com
stencersaintelange.com
filmutam.com
wpierdol.gratis
naturehonest.com
daye5.com
wowyuu.net
dajiangzhibo24.com
768278.com
614express.store
bachelorcourses.com
lys0op.xyz
engineerspost.com
acsn.xyz
ymavispa.com
cubicalmonks.com
phoenixacademys.com
cathywardphotography.com
tomhoge.com
mejorescontigo.com
sorchaashe.com
789yyhh.com
teamborisgaming.com
browngirlfinances.com
container-bnb.com
literarypantry.com
mikageisi.com
mcallistersgiftsandcrafts.com
cobaehorizabita.com
patriotremodelingservices.com
ametrinesupports.com
manageamazonofficialservice.com
myboholife.com
jessicabolton.net
joanakelly.com
theluggageandbaggage.com
themastertout.com
greygathering.com
junjiachina.com
021safe.net
www-kraken.digital
gzyameiao.com
kontacky.com
premiericerinks.com
frecoy.com
Targets
Target: RFQ_august.exe
Size: 756KB
MD5: f5bf9905ff7c573695fe1e53a1338e5c
SHA1: 1d531327f162c4bb844f42694fe5da4f95dc9510
SHA256: e6ef5385235001a8743ac0ee83f839abdd66abed79cff1429020270168bd9357
SHA512: f382aa021ee9ece8ea92fda10391bb540b11f9c172f76c85745b12169de1d9aec0edd8a9649d6033edf5c049c98ff00f6b605b604482d1b25cf343536edba17e

Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Adds policy Run key to start application
Deletes itself
Adds Run key to start application
Suspicious use of SetThreadContext