General
Target: 1bc294a63c80ffdc3ef78d9e52b94a18
Size: 716KB
Sample: 220627-qr7j4sbeaq
MD5: 1bc294a63c80ffdc3ef78d9e52b94a18
SHA1: b277de52ad36289d1c8a08bf4b76e23bca6be08a
SHA256: 032f59f1a16e61195453751a2e734b429302bc6a980e7c0df6a78187d1af0a1e
SHA512: f4b9dab5625593a83c7784d65b0136f71d16c09803a9a70f52686925cc559b8eeedce07d01d327928022c433298c3af8310d54b36155be1d6a93f027b3af6250
Static task: static1
Behavioral task: behavioral1
Sample: YANBU QUOTATION LIST 06.2022.exe
Resource: win7-20220414-en
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: ba17
Targets
Target: YANBU QUOTATION LIST 06.2022.exe
Size: 689KB
MD5: 2e43d196e446bfc5c13be5b260137ada
SHA1: 2fcf21897ecc2315fc1c668834ae6a638db409f7
SHA256: 6ff2623794625f34d8ebf1d840ececdce903836c5a06b1907f83a0cea46ac57f
SHA512: 803679f0dc6c83ef743bbd6686eb4d66301ab3e1288b64aea1a7bcc6fd57bdb3a7ec1b0ceb448976d5bd2e08f2b64e4c0811a401282de75b243e4599728172fe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext