General
Target: 53230e1e4633bff19359e6ee0490bb5833d44ab87126dcfdbdfe62ddefc54782
Size: 284KB
Sample: 220521-xld4yafcdp
MD5: 6c2cfd10c3b631e11fa589430d278017
SHA1: 95fe744b9c7b4577660739fe7ebdb0acbb1ea2b9
SHA256: 53230e1e4633bff19359e6ee0490bb5833d44ab87126dcfdbdfe62ddefc54782
SHA512: 5f62eb7543a5c62223087ee602087ec3528279386715cc069e41b84376e4525d2aae519a6cdcc8a32ab29c6c72fa4fea811564fdace0f787ff71bc1e886a6e29
Static task: static1
Behavioral task: behavioral1
Sample: tq9604oy0Xa6q6L.exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook 4.1 p07
Targets
Target: tq9604oy0Xa6q6L.exe
Size: 335KB
MD5: 82dd8a6c5f49f0dcff5c10e62571a3c7
SHA1: d4fc14325a4a3ca7fb259bbdd95ae15ee47081c1
SHA256: 8fcc3e95c54613cec5176ad7aabc3a5d498fb608d825f98a087ce6784fdad992
SHA512: bf8cbb7befa5ab3a2716634548c118dbdd7db9e4f150a48918488272e76977480acf1d3e7059216c6fbd55859a31debb08f2d2c1d8f6d5eca9989aa4fe9d0355
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Formbook Payload
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext