General
Target: triage_dropped_file
Size: 704KB
Sample: 220629-vvs84sdbf2
MD5: 6b25cd644f183af7c7447ba2d658e8c5
SHA1: b3fee68e0d04e03c34ba546bc714096d13641815
SHA256: 7952c76d1d86927893a2ef8ca0a23bb1b45af38565f2ad9cea09a942bd5059f8
SHA512: 877ca781d89283c5bf7e26e45dce561d52c7a580aa08b172313443681494bf2aa24664a42ca95b6d88e76b43196c51997509098dd0979459ebe9ff48a6f658a9
Tasks
Static task: static1
Behavioral task: behavioral1 (sample: triage_dropped_file.exe, resource: win7-20220414-en)
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: m56u
C2 domains (FormBook configs mix decoy domains with the live C2 and the sample contacts decoys as well, so treat this list as hunting material to correlate with the Suricata check-in alerts rather than as a blocklist to apply wholesale):
tercantiq.com
fortvillechicken.net
spiritsandtheb.com
alliant-inc.biz
yh1902.com
xiaodewenhua.net
cityjobs.xyz
seniorlivingwisconsin.com
piadagrilla.com
truistfinancebank.online
nft-fashionlover.com
hangmandownload.com
chun888.xyz
lemonviral.com
getagrip.network
daniellepinnock.info
chiswickstudios.com
essayservicee.com
bharatpragatifoundation.com
800vn.com
leslieskraftboutique.com
massimusdescanso.com
bastadidiabete.com
tufkase.com
fifyx.xyz
xn--hausarzt-lneburg-szb.com
healthcarecheap.com
minshangjt.com
therapistorangecounty.com
thehappyfinn.com
cannalytics-test.com
thejunglees.com
hotel-tuerkiye.com
80at39.com
elsiemckellar.com
jia-he.net
www-kerassentials.com
sang-pakar.xyz
bivirtual.com
ventul.online
mikateknik.xyz
comparazionequote.net
suffolkpolefitness.com
395136.com
kui88.xyz
keohps.com
laketarponresort.com
betaal.fyi
ekascollection.com
rawreporter.com
regionhere.xyz
theartistknownaskayla.com
bobbihub.com
ezviz.xyz
kiffiybeauty.com
mocthaotay.com
glacies-financial.com
altamahalife.com
jodeeluna.com
familylabsummit.com
oufsfaooqp.com
famaciaonlineveterinaria.com
jadooresurfb.info
yansonlineshop.com
pielearn.com
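The script below is an added, stand-alone example for turning the extracted config above into IOC artefacts; it is not part of the Triage report or of any FormBook tooling. It parses the flat family / version / campaign / domain layout the report uses, normalizes and deduplicates the domains, renders the punycode entry (xn--hausarzt-lneburg-szb.com) in Unicode for analysts, and emits one exact-match Suricata dns.query rule per domain plus a rule for the GET check-in. Assumptions: the embedded config is a short subset of the report's domains, with one duplicate and one capitalized entry added by hand to exercise the normalizer; the SID range starting at 9000001 is arbitrary; and the check-in rule assumes the campaign string appears as the first URI path segment, which the report itself does not state.

```python
"""Build IOC artefacts from the FormBook config extracted in the report above.

Added example, not code from the Triage report. CONFIG_TEXT is a subset of the
report's config (family, version, campaign, then one domain per line) with one
duplicate and one capitalized entry added to exercise normalization. The SID
range and the campaign-as-URI-path assumption are illustrative choices.
"""
import json
import re

# Constructed subset of the extracted config shown in the report.
CONFIG_TEXT = """\
formbook
4.1
m56u
tercantiq.com
fortvillechicken.net
xn--hausarzt-lneburg-szb.com
tercantiq.com
800vn.com
Pielearn.com
"""

# Hashes of the dropped file, copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "6b25cd644f183af7c7447ba2d658e8c5",
    "sha256": "7952c76d1d86927893a2ef8ca0a23bb1b45af38565f2ad9cea09a942bd5059f8",
}

# One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_domain(raw: str) -> str:
    """Lower-case, strip a trailing dot and validate every label (ASCII/punycode form)."""
    d = raw.strip().lower().rstrip(".")
    labels = d.split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(label) for label in labels):
        raise ValueError(f"not a valid hostname: {raw!r}")
    return d


def parse_config(text: str) -> dict:
    """Parse the flat Triage layout: family, version, campaign, then the domain list."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 4:
        raise ValueError("config needs family, version, campaign and at least one domain")
    family, version, campaign, *domains = lines
    seen, normalized = set(), []
    for d in domains:
        d = normalize_domain(d)
        if d not in seen:  # keep report order, drop repeats
            seen.add(d)
            normalized.append(d)
    return {"family": family, "version": version, "campaign": campaign, "domains": normalized}


def display_name(domain: str) -> str:
    """Unicode form of an IDNA (xn--) domain, for analyst-facing output."""
    return domain.encode("ascii").decode("idna")


def suricata_rules(cfg: dict, start_sid: int = 9000001) -> list:
    """Exact-match dns.query rule per domain, then an HTTP rule for the GET check-in.

    bsize pins the query to the full name, so e.g. 'not-tercantiq.com' does not fire.
    The URI rule assumes the campaign string is the first path segment (assumption).
    """
    rules, sid = [], start_sid
    for d in cfg["domains"]:
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"{cfg["family"]} {cfg["campaign"]} '
            f'config domain {d}"; dns.query; content:"{d}"; nocase; bsize:{len(d)}; '
            f"sid:{sid}; rev:1;)"
        )
        sid += 1
    rules.append(
        f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"{cfg["family"]} '
        f'{cfg["campaign"]} GET check-in path"; flow:established,to_server; '
        f'http.method; content:"GET"; http.uri; content:"/{cfg["campaign"]}/"; '
        f"startswith; sid:{sid}; rev:1;)"
    )
    return rules


def ioc_bundle(text: str = CONFIG_TEXT) -> dict:
    """Everything a hunt or a SIEM import needs, as one JSON-serializable dict."""
    cfg = parse_config(text)
    return {
        "family": cfg["family"],
        "version": cfg["version"],
        "campaign": cfg["campaign"],
        "hashes": SAMPLE_HASHES,
        "domains": [{"ascii": d, "unicode": display_name(d)} for d in cfg["domains"]],
        "suricata": suricata_rules(cfg),
    }


if __name__ == "__main__":
    print(json.dumps(ioc_bundle(), indent=2, ensure_ascii=False))
```

Replace CONFIG_TEXT with the full 65-line list from the report to get one rule per domain; because FormBook configs contain decoys, load the DNS rules at alert (not drop) priority and use the hits to find the host that also triggers the check-in rule.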
Targets
Target: triage_dropped_file (704KB; SHA256 7952c76d1d86927893a2ef8ca0a23bb1b45af38565f2ad9cea09a942bd5059f8; the same file as under General, where the MD5, SHA1 and SHA512 are listed)

Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET) (listed twice in the report)
- Formbook Payload: the file is identified as FormBook; its extracted config is shown above
- Deletes itself: the sample removes its own executable after running, so acquire the file from the sandbox's dropped-file capture or from a copy taken before execution
- Suspicious use of SetThreadContext: consistent with process injection (process hollowing or thread-context hijacking), which FormBook uses to run inside a legitimate process