General
- Target: 7a89819406800bfa110d3caa0750c54a3fdfd6e2f48b1e236671ce18983517d6
- Size: 513KB
- Sample: 220521-xjrx1sbhb8
- MD5: 921b3241b24e44fd80dc0f5d476adc08
- SHA1: 491727164424d38afa6d057d6733bf4878ce816a
- SHA256: 7a89819406800bfa110d3caa0750c54a3fdfd6e2f48b1e236671ce18983517d6
- SHA512: 512a6b6a9f7be9ca9dc052690d19685ff382b68ff8900bc8f7c9a1601b7aab958381ff65824317cd0199112fc1441b50f3fbd37f60a2087f1c780133baf2a890
Static task: static1
Behavioral task: behavioral1
Sample: UPDTED PAYMENT DETAILS 948998849-909N.exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook 4.1 bnc
saltoasischarleston.com
gor.digital
oneserviceplace.com
ivcfte.info
grasshopperveteran.com
tblacklist.com
noahandvincent.com
bbbmorris.com
coralvillerealestate.info
rjprime.info
smilehdapp.com
texas.kitchen
lifeofbeautifulchaos.com
myfittedfurniture.com
mobiledealsnetwork.com
ateliermusicapiano.com
568027.com
johnmeanwell.com
uneggsing.com
chengshuai88.com
bb9c0clr1.online
ru5hmotorsport.com
massiveplain.com
onyxzoe.com
1k4onehot.men
quantumfingerprint.com
davidkellysounds.com
e-healinghub.com
youaremydestinyth.com
835man.com
iixiah.com
clusterdatacenter.net
comoeducarumfilho.com
heloatfotografia.com
glaucon.net
driverlesspickups.com
conquisteshop.com
estatesdevelopers.com
2ndbeats.com
rustycedarfarm.net
burnsindustrial.net
tictactocchomedey.com
sinanzhiyou.com
blueflamecollection.net
seitai-yuuki.com
dclawnsva.com
vilamouraimmobilier.com
creativa-image.com
funnelsunderground.com
bilaraby.net
leadingwithscience.com
donoteatanimals.net
dakafe.store
easytwopark.com
capipenta.com
wearstrains.com
dyduyu.com
fortunetechnicalservicesinc.com
reqoverflow.com
discephekaplama.site
fattoriabucanuova.com
taobaobeibei.com
wigglewagglers.com
huangyanlin.com
teanmer.com
Targets
- Target: UPDTED PAYMENT DETAILS 948998849-909N.exe
- Size: 661KB
- MD5: 6d8a6794412d626d13bccfbcebda900f
- SHA1: 466ae37bb340ce9ffca60cf8758cde8af08bd077
- SHA256: dd2e99f4c8b2909221d9cddcae2aa9c5ce4e343cd4ed8e5fa7113e639412ef7f
- SHA512: de7d7f7290dd4f65ae5954d29b41e6f1bbf78e17142d1287645d8a9cd3ddb3b520a8c782b1846a1f010636512431c289f4917a99dc1bc80b2059130aacd1c25a
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Adds policy Run key to start application
- Adds Run key to start application
- Suspicious use of SetThreadContext