General
- Target: Ordem de compra para julho.pdf.zip
- Size: 552KB
- Sample: 220629-tmlnmacfb3
- MD5: 64baf61a0be4f79f619fdf56fab0aaea
- SHA1: 8ab445e801a15c500d6cdca22a9864aaf72229bf
- SHA256: 2d7051de1420deab48e7d25638ae6c6a72ccc503c4c6d153139feec4861f573f
- SHA512: da2eb5c031ac4db3cafbbf0581d0a156fc94958cd1659209c8c03721061cb48cec328ea900c0bbb09b7f7e6cfd056f1bdbb639f513bd49f6e416b2f8cbc6436d
- Static task: static1
- Behavioral task: behavioral1
  - Sample: Ordem de compra para julho.pdf.exe
  - Resource: win7-20220414-en

Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: de08
- Domains:
retirecloudyyard.com
fabiyan.xyz
chrisarlyde.com
selapex.com
vivalosgales.com
specialty-medicine.com
contasesolucoes.com
satunusanews.net
allyibc.com
alameda1876.com
artofdala.com
yukoidusp.xyz
steeldrumbandnearme.com
stonewedgetechnology.com
kentonai.com
macquarie-private.com
ddgwy.com
megagreenhousekits.com
descomplicaomarketing.com
inclusiverealtor.com
themummyfront.club
computerfashiondesigns.com
ericparlatore.com
whathappened2me.com
baksomail.xyz
mugupplatform.com
shopsolutely.com
gymcservices.com
qianshunchina.com
zoomsbshab.icu
esrmtech.com
966211.com
stockinsidepr.com
df-wh.com
smartshopapps.com
kayseriadsl.com
acedesserts.com
205qs.com
ei8i.com
aibtly.com
kpviewllc.net
nnehandebol.com
torontonianapparel.ca
therealgoldenganjagang.com
mingxiang99.com
rewkagcompany.xyz
ahmee4.com
valen.info
vacuumfun.parts
fabiyan.xyz
psncareersolutions.com
escobargroups.com
michigandice.com
ey3solutions.com
li-n.info
puingkehancuran.xyz
bilt-green.com
dfysuitetech.xyz
abdoomar.com
actsaka.xyz
justsweatitout.com
axabank.life
billyyaka.com
mypatchtools.com
epulsive.com
Targets
- Target: Ordem de compra para julho.pdf.exe
- Size: 687KB
- MD5: 01ac3fb5a4476de95369f325ea906ea5
- SHA1: e291db506ea6b82f60b1b5e035f764595d6b7f3c
- SHA256: b6426721805cf7ba17f04f3ab2540c182758682a0b6397ee277f4f3aa3709bd1
- SHA512: 548686caf1858bb22aaebee04c0ee0a8fef3d4f4577a6700dbbfe213d34654e621be09927bbddff418c61c33c9380c8a6f92ffe3ae202ab53c149d5f80dd40ca
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext