General
- Target: 8046606ebe8220adccafc7393e7488eb
- Size: 266KB
- Sample: 220627-qpxbcsdbg7
- MD5: 8046606ebe8220adccafc7393e7488eb
- SHA1: a485e9a6ca7380187bd52a616c91302184fe6b6c
- SHA256: 04c4a1d6a4100879806b4bc04e0d8a33e830a2e4b6f12194b36fffc19c6125d0
- SHA512: 816f21498b6d11f567bd181dd02fd5371ee7a3df953d25629c53ea9478a08450505c93fd9bbdb61cac280cd3bec311c4eb8e081d4e7e2a0287dc82dd951ae769

Static task: static1

Behavioral task: behavioral1
- Sample: Quote.js
- Resource: win7-20220414-en

Malware Config

Targets
- Target: Quote.js
- Size: 333KB
- MD5: 4dc50abe34a0f0a9fbb86513fe92b109
- SHA1: 51a7376ed9e6af9094bdf8a9f862f1a16a5d5485
- SHA256: 10b0a88ef7baab52a471dce45a090a692a9ff07b5d34c307d7c2d7192dfc42fc
- SHA512: e0bd6b22f2cdfcb3fa52aecf9372bb3cbe877b9ac804a121bff1fcd0f0639f26679fbfb0e7664665224b0a7ea9bcce9d43c55467763135870d2898f86c98108a
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext