General
-
Target
1366af1721921e597d55c96ff1cc49dd0253869147f7dd6623ad2440ca5162d0
-
Size
448KB
-
Sample
220616-24pqlshefk
-
MD5
30524a348e38eb991ddec856c6730cb1
-
SHA1
227255133555186de301a9c703203948aba45df0
-
SHA256
1366af1721921e597d55c96ff1cc49dd0253869147f7dd6623ad2440ca5162d0
-
SHA512
547b64cb54db7b00e2f8552b480aff59782e5272e513a76266fa5517154b359050f07e6d1b1018bd81e0632ce3e740ae1c0b75596eefe97f2d2068e2f3a005f6
Static task
static1
Malware Config
Extracted
formbook
4.1
s3s3
tvielotus.com
teesta.xyz
talentrecruitor.com
pamaungipb.com
xn--90ahkh6a6b8b.site
910carolina.com
toyotaecoyouth-dev.com
invetnables.com
gdexc.com
ssw168.com
householdmould.com
mqttradar.xyz
t333c.com
thepausestudio.com
evershedsutherlands.com
asbdataplus.com
preddylilthingz.com
jepwu.com
tvlido.com
artovus.com
trainingmagazineme.com
rettar.net
underneathstardoll.com
babipiko21.site
getvpsdime.com
accentsfurniture.com
cutdowns.tech
teklcin.online
sunshareesg.com
eventrewards.site
lacomunaperu.com
a-tavola.online
gshund.com
monsterflixer.com
896851.com
carpetlandcolortileflint.com
filmproduction.management
cherie-clinique.com
medjoker.com
grant-helpers.site
sussdmortgages.com
solaranlagen-forum.com
freecustomsites.com
h7578.com
ideadly.com
backend360.com
podgorskidesign.com
zilinsky.taxi
ourelevatetribe.com
thefitnesswardllc.com
eficazindustrial.com
thecovefishcamp.com
niuxy.com
myluxurypals.com
clinicadentalvelinta.com
dis99.com
crosswealth.xyz
itopjob.com
oandbcleaningservices.com
afri-solutions.com
paradiseoe.com
versionespublicas.com
b2lonline.com
usdcmeta.xyz
bense003.xyz
Targets
-
-
Target
1366af1721921e597d55c96ff1cc49dd0253869147f7dd6623ad2440ca5162d0
-
Size
448KB
-
MD5
30524a348e38eb991ddec856c6730cb1
-
SHA1
227255133555186de301a9c703203948aba45df0
-
SHA256
1366af1721921e597d55c96ff1cc49dd0253869147f7dd6623ad2440ca5162d0
-
SHA512
547b64cb54db7b00e2f8552b480aff59782e5272e513a76266fa5517154b359050f07e6d1b1018bd81e0632ce3e740ae1c0b75596eefe97f2d2068e2f3a005f6
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-