General
Target: TELEX COPY.exe
Size: 214KB
Sample: 220624-qvnamsfdb5
MD5: ac6096ab3dc639f668998dc327d33365
SHA1: de2ba145f48c068ad776bb6920254b35e6362bb2
SHA256: 2620668118d8ade45d0de6c49ea4c2af6213ff0e7d0b312b8ce8e080eba6c32b
SHA512: fd6d33a0dffc1a0803146a2be64b54acf28068edd0acc580de3ce844ce974a109eb9f7491a9de8487ee2e8294ba9bda1f4115df97592d76191d846930e4c8833
Static task: static1
Behavioral task: behavioral1
Sample: TELEX COPY.exe
Resource: win7-20220414-en

Malware Config
Extracted
formbook
4.1
m56u
Targets
Target: TELEX COPY.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext