General

Target: 62ea106bcccb1514b2dc55f5ef7e4fd0b9d1b6943f104e719efc53abe4ea6634
Size: 511KB
Sample: 220521-xjvnxabhc2
MD5: 14b803db733bac403f630661535f2d5d
SHA1: 2e0b3d4faea71fb933dfe355d789350bc27cb414
SHA256: 62ea106bcccb1514b2dc55f5ef7e4fd0b9d1b6943f104e719efc53abe4ea6634
SHA512: 49a2f8c4cc6c499d01e8b84084a9b7da1fa43fca780284e20a926c8c1729db200e8c23042e25f151029637951bbdb47e3cdc141f5c5ea8fc94f8a001bb070f48
Static task: static1
Behavioral task: behavioral1
Sample: ?????? ?? ???????.exe
Resource: win7-20220414-en
Malware Config (extracted)

Family: formbook
Version: 4.1
Campaign: kvsz
Domains (65 entries; a FormBook config mixes the live C2, normally a single host, into a list of decoy domains, and the static extraction does not say which entry is which, so treat this list as hunting and alerting input rather than a blocklist of confirmed C2 servers):
okashyns.com
sbsgamedaejeon-two.com
drb77.com
top5dating.com
websprings.online
voizers.com
zenith.site
lahistoriade.com
qv85.com
armandonieto.com
priestvedic.com
jessandjeff.net
magic-desktop.com
jitaji.com
ldmeili.com
yuwanqingmy.com
buzhouorg.com
chaiseloungereviews.com
m2g8way.com
freespin-support.com
bocapvang.net
315px.com
eugeniobarros.tech
sif.email
xn--oorv2aj6bj7cds0d6p4b.com
polychips.com
grouptulip.win
landbank.site
bet365c.win
inbonz.com
outofthepark.today
jeaniney.com
weeip.com
dmoneylife.com
rticlubs.com
reisedating.com
marijuanadogbone.com
funippon.com
banknotesync.com
alexandre-boissard.com
valorartetattoo.com
savetheverse.com
specificpcshop.online
h0jt1y.accountant
jiqing3.com
alfaranakle.com
saft-store.com
wanderingcollective.com
santandermobi.online
557023.top
loulancaster.com
vedattelekom.com
jatinangorcity.com
goldencanaries.com
edgaralanbro.com
levelretail.com
taylorsandbek.com
upbeatnewyork.com
motoreselectricoschihuahua.com
hotair.wales
getawomantodoit.com
xiaoxiong365.com
cloudboxsupport.com
vecteur-u-shop.com
fex-tracks.com
Targets

This is the file run in the behavioral task (its name matches the Sample line above). Its size and hashes differ from the 511KB submission in the General section; the two hash sets describe two different files.

Target: ?????? ?? ???????.exe
Size: 662KB
MD5: 203f52c19d874bb4206677f8075c7677
SHA1: 9f0b37d6aa3854442d0336a0a853593f9177ad85
SHA256: cdcf2838549fff5889e730c6acf553d1de2940575da7e75b8aeefb043dc13ac0
SHA512: d44325b203d93fd86bb75eb75e8ebcd7618d4f3997d6179d8103101a054eb5f9f40a5de53dcacb2f12d8c4adfaa7a115fbece2d4431b772cf3d22a9984343c25
Signatures

suricata: ET MALWARE FormBook CnC Checkin (GET). The sample produced an HTTP GET matching the FormBook check-in pattern during detonation; the host that received it (not listed on this page) is the candidate for the live C2 among the config domains above.
Formbook Payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Adds Run key to start application: persistence through a Run registry value.
Suspicious use of SetThreadContext: setting another thread's context is the usual way to redirect a suspended thread into injected code (process hollowing or injection).
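The following is an added example for this report, not code from the page or from the sandbox that produced it. It turns the extracted config into per-domain Suricata DNS alert rules (alert rather than block, because the list is mostly decoys), renders punycode names such as xn--oorv2aj6bj7cds0d6p4b.com for the analyst, and checks which of the page's two files (the 511KB submission or the 662KB detonated target) a file in hand is, by SHA256. The config text is a constructed subset of the page's 65-domain list; the local sid range starting at 1000000 and the rule wording are assumptions.

```python
"""Turn this report's extracted FormBook config and file hashes into checks.

Added example for this page; not code from the report or from the sandbox
that produced it. Inputs below are constructed from the page: a short
subset of the 65-domain list, and the SHA256 values of the two files.
Assumptions (not from the page): the local Suricata sid range starting at
1000000 and the rule wording.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field

# Constructed excerpt of the page's "Malware Config / Extracted" block:
# family, version, campaign, then domains (one deliberate duplicate to
# exercise de-duplication).
CONFIG_TEXT = """\
formbook
4.1
kvsz
okashyns.com
sbsgamedaejeon-two.com
xn--oorv2aj6bj7cds0d6p4b.com
bet365c.win
h0jt1y.accountant
okashyns.com
"""

# SHA256 values copied from the page: the 511KB submission and the 662KB
# executable that was actually detonated. They are different files.
REPORT_SHA256 = {
    "62ea106bcccb1514b2dc55f5ef7e4fd0b9d1b6943f104e719efc53abe4ea6634": "submission (511KB)",
    "cdcf2838549fff5889e730c6acf553d1de2940575da7e75b8aeefb043dc13ac0": "detonated target (662KB)",
}

# Hostname syntax: labels of letters/digits/hyphens, not starting or ending
# with a hyphen, and a TLD of at least two characters.
_DOMAIN_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}")


@dataclass
class FormbookConfig:
    family: str
    version: str
    campaign: str
    domains: list[str] = field(default_factory=list)


def parse_config(text: str) -> FormbookConfig:
    """Parse the report's config layout; drop blanks, duplicates and junk lines."""
    lines = [ln.strip().lower() for ln in text.splitlines() if ln.strip()]
    family, version, campaign, *raw = lines
    seen: set[str] = set()
    domains = []
    for d in raw:
        if d in seen or not _DOMAIN_RE.fullmatch(d):
            continue
        seen.add(d)
        domains.append(d)
    return FormbookConfig(family, version, campaign, domains)


def display_name(domain: str) -> str:
    """Unicode form of a punycode (xn--) name for the analyst; rules keep the
    ASCII form. Falls back to the input if a label is not valid punycode."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def suricata_rules(cfg: FormbookConfig, base_sid: int = 1000000) -> list[str]:
    """One DNS-query rule per config domain. 'endswith' also matches subdomains,
    which is wanted here. FormBook configs mix the live C2 into a list of decoys
    (several are real, benign sites), so these are alert rules, not block rules."""
    rules = []
    for i, d in enumerate(cfg.domains):
        rules.append(
            'alert dns any any -> any any ('
            f'msg:"FormBook {cfg.version} campaign {cfg.campaign} config domain {d} (decoy or C2)"; '
            f'dns.query; content:"{d}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        )
    return rules


def digests(data: bytes) -> dict[str, str]:
    """The four digest types the report lists, for comparing a file in hand."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def classify_file(data: bytes) -> str | None:
    """Which of the page's two files this is, by SHA256, or None for neither."""
    return REPORT_SHA256.get(digests(data)["sha256"])


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for d in cfg.domains:
        print(f"{d:32} {display_name(d)}")
    print("\n".join(suricata_rules(cfg)))
```

Run it against the full 65-line list by pasting the page's config block into CONFIG_TEXT; the resulting rules fire on lookups for any config domain, and the one that also lines up with the FormBook check-in GET from the behavioral task is the live C2.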