General
- Target: 6d5af3c3cbd850fd982a9b243e2857a7
- Size: 247KB
- Sample: 220602-w2lnaahhh8
- MD5: 6d5af3c3cbd850fd982a9b243e2857a7
- SHA1: a070566b72fca1e39f52599da8d2f80a0a11fb5f
- SHA256: e1b5157b0929486351722245f7bf2cee1b8b9e05fca294fe3a0cf676e9a7ad57
- SHA512: dccba4090f0aef7e59f35d4be64406b7ce7733f59f7ab940e296c5d8b5da852dce11b53d317f71bcf53304088c1c361fc24f8e466915c6d9a1e8dfee17fb4bc1
- Static task: static1
- Behavioral task: behavioral1
- Sample: 6d5af3c3cbd850fd982a9b243e2857a7.exe
- Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
g14s
highnessmagazine.com
mokeyshop.com
remotedesktop.xyz
bicielettrica.xyz
addoncarzspa.com
ironesteem.com
asset-management-int.com
newportnewsaccounting.com
seriesyonkis2.com
hhivac.com
shrmgattlnow.com
yangzhenyu1.xyz
prettylittlenail.com
phyform.com
fggloballlc.com
gamecentertx.com
apriltoken.com
agalign.com
jointventurecoop.club
pengqianyue.tech
federleicht-restaurant.com
lollipop987.xyz
diamondbaybridgesweeps2022.com
burnaboy.net
affectionatelycrypto.com
anakastore.com
tsrtouring.com
ziyunyx.xyz
cognivegan.com
bigkumara.com
goldtickets.online
archermotorsportslogistics.com
bestsecurityvendor.com
remedybox.net
maxcarat.com
topseng.online
kmatsumoto.net
xn--ankrbikes-27a.store
inginetimetracking.com
uvej.xyz
elementbigwear.xyz
rebootxx.com
shzaonuo.com
cvwconference.com
jnadtech.com
wanaizhijia.com
marie69.xyz
onlyappsauthenpoint.online
darkfo.rest
lfzhitu.com
lesdelices2paris.com
rustygarages.com
idontcarewhatyouthink.net
qcg2.com
kreeplyfe.net
teethguardforme.com
teethguardforme.com
gentor.online
big79.pro
peifang8.com
homehs.net
whalsaycafe.com
remisemaroc.com
viqub.com
swiftsrecovery.com
Targets
- Target: 6d5af3c3cbd850fd982a9b243e2857a7
- Size: 247KB
- MD5: 6d5af3c3cbd850fd982a9b243e2857a7
- SHA1: a070566b72fca1e39f52599da8d2f80a0a11fb5f
- SHA256: e1b5157b0929486351722245f7bf2cee1b8b9e05fca294fe3a0cf676e9a7ad57
- SHA512: dccba4090f0aef7e59f35d4be64406b7ce7733f59f7ab940e296c5d8b5da852dce11b53d317f71bcf53304088c1c361fc24f8e466915c6d9a1e8dfee17fb4bc1
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext