General

Target: 1deac5c42c5c12f811a14593da40c7589da9274b67086ac62174498923c893fa
Size: 213KB
Sample: 220612-2yw8haegb4
MD5: 1af681084e3d0b909e8ff56e4cee3c80
SHA1: fc8532c8feb0ce096e761020678744824dc1607c
SHA256: 1deac5c42c5c12f811a14593da40c7589da9274b67086ac62174498923c893fa
SHA512: b9d0d1cb4cf3ac31f0b5f772e8e7dcdd5c13b9410dc52d22dfa42c6d34f98b13582319688a52c3f85bc0d2f46782f621ded3cdd70be1401846b2fc2ee449e4bf

Static task: static1
Behavioral task: behavioral1
Sample: 1deac5c42c5c12f811a14593da40c7589da9274b67086ac62174498923c893fa.exe
Resource: win7-20220414-en
Malware Config

Extracted
Family: formbook
Version: 3.8
Campaign: sh
Domains (FormBook builds embed a list of decoy domains next to the live C2 host, so treat each entry as a lead to confirm, not as confirmed operator infrastructure):
studiogoparty.com
furi-mold.com
cdicoun-tombola.info
elizabethlhall.com
nakayama-hanasai.com
9910pe.com
iraqbreakingnews.com
91fyy.com
intersafetyland.com
dddadditive.com
gewuan.net
ikwxanxb.click
shenghangdianzi.com
nuskinmemory.com
sonrel-julie.com
rapidlegalcenter.com
jcldsp.com
dibamoviez.net
sochuan66.com
platformoneclothing.com
vandenbergpol.com
farmagf.com
xn--sjq656oa.net
bostonrefinanceboard.com
dannymetal.email
rcnxg.info
miaoshahui.net
sianakuwait.com
soundsquaremusic.com
liputan66.com
office365esafety.group
bolababy.net
saltiestoftheearth.com
goculer.com
mindbodysoulfoodie.com
tamsueva.info
givingartgallery.com
onlinestore.ninja
sanftemassagen.com
lafourmibatisseuse.com
200767.top
christina-kenel.com
burocratastijuana.com
herosofharvey.com
libelle-le.com
zecstb.men
jxkysd.com
yejiajun.com
social123marketing.com
simplelifeorganic.com
tjkaizhen.com
estableg.info
cyrilportmann.com
ntstiffins.com
717385y.info
ellamcd.com
cnxt.social
iotaagriculture.com
frankpilates.net
flytart.com
watch-zone.tech
yigitay.net
bubbleshootgames.com
cosmiceggpack.com
drylipc.com
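The domain list above is most useful as a DNS hunt. The following is an added example written for this report, not Triage or Hatching code: it normalizes the extracted domains (lower-case, trailing dot stripped, Unicode labels converted to punycode so the IDN entry xn--sjq656oa.net still matches) and scans DNS query logs for exact or subdomain hits. The log format is a constructed, whitespace-separated "timestamp client qtype qname" line and only a subset of the domains is embedded; load the full list and adapt parse_line() to your real source (Zeek dns.log, Sysmon event 22, resolver logs).

```python
"""Hunt DNS query logs for the domains in the extracted FormBook config.

Added example for this report, not Triage/Hatching code. The log format is a
constructed "timestamp client qtype qname" line; adapt parse_line() to your
real DNS source.
"""
from typing import Iterable, List, Optional, Tuple

# Subset of the domains listed in the extracted config; load the full list in
# production. FormBook embeds decoy domains next to its live C2, so a hit is a
# lead to confirm against process telemetry, not proof of compromise.
FORMBOOK_DOMAINS = """
studiogoparty.com
furi-mold.com
cdicoun-tombola.info
xn--sjq656oa.net
office365esafety.group
ikwxanxb.click
"""


def normalize(host: str) -> str:
    """Lower-case, drop a trailing dot, and convert Unicode labels to punycode
    so a log that prints the IDN decoded still matches xn--sjq656oa.net."""
    host = host.strip().rstrip(".").lower()
    return host.encode("idna").decode("ascii")


WATCHLIST = frozenset(normalize(d) for d in FORMBOOK_DOMAINS.split())


def matched_domain(qname: str) -> Optional[str]:
    """Return the watchlisted domain that qname equals or is a subdomain of.

    Matching is label-wise: www.studiogoparty.com hits (FormBook prefixes
    www. to its C2 hosts) while notstudiogoparty.com does not.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):  # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in WATCHLIST:
            return candidate
    return None


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Constructed format: '<timestamp> <client-ip> <qtype> <qname>'."""
    parts = line.split()
    if len(parts) < 4:
        return None
    return parts[0], parts[1], parts[3]


def scan(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, client, matched_domain) for every watchlisted query."""
    hits = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, qname = parsed
        hit = matched_domain(qname)
        if hit is not None:
            hits.append((ts, client, hit))
    return hits


# Constructed sample log; this is not traffic captured from the sandbox run.
SAMPLE_LOG = """\
2022-06-12T20:31:07Z 10.0.0.12 A www.studiogoparty.com
2022-06-12T20:31:09Z 10.0.0.12 A www.example.com
2022-06-12T20:31:11Z 10.0.0.12 A furi-mold.com.
2022-06-12T20:31:12Z 10.0.0.13 A notstudiogoparty.com
2022-06-12T20:31:14Z 10.0.0.12 A WWW.xn--sjq656oa.NET
"""

if __name__ == "__main__":
    for ts, client, domain in scan(SAMPLE_LOG.splitlines()):
        print(f"{ts} {client} queried {domain}")
```

Because the list mixes decoys with the real C2, a DNS hit on its own will fire on benign browsing to a decoy site; pivot from the hit to the querying host and look for the process-level indicators reported below (a vbc.exe child and the policy Run key) before escalating.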
Targets

Target: 1deac5c42c5c12f811a14593da40c7589da9274b67086ac62174498923c893fa
Size: 213KB
MD5: 1af681084e3d0b909e8ff56e4cee3c80
SHA1: fc8532c8feb0ce096e761020678744824dc1607c
SHA256: 1deac5c42c5c12f811a14593da40c7589da9274b67086ac62174498923c893fa
SHA512: b9d0d1cb4cf3ac31f0b5f772e8e7dcdd5c13b9410dc52d22dfa42c6d34f98b13582319688a52c3f85bc0d2f46782f621ded3cdd70be1401846b2fc2ee449e4bf

suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Adds policy Run key to start application (persistence via a Run value under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, which is less often inspected than the ordinary Run key)
Uses the VBS compiler for execution (the .NET Visual Basic compiler, vbc.exe, is launched as a host for the injected payload, a common FormBook pattern)
Suspicious use of SetThreadContext (the thread-context rewrite that typically accompanies process hollowing into the spawned host)