General
Target: FATURA HESABI.exe
Size: 25KB
Sample: 220630-kta12ahedj
MD5: 9c6e67ca7790e12c09fa65bacf8b0618
SHA1: 9b7f0452d2e9e6632457724f106d0b84ae8a8070
SHA256: 35256002ef756a42079880ccdec95862e80830e69ebc56225f2b2a34ec28f771
SHA512: 5db4e8ac7ad1df7c7142ac37a4774045db7324e01368dd7d9465a03561a5f825afbcf0341651ff615a110881ebb6b8ddb010b2ee1240b6baec3661aa22fcfde4
Static task: static1
Behavioral task: behavioral1
Sample: FATURA HESABI.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: gf9d
C2 candidates (FormBook configs carry decoy domains alongside the live C2, so treat each entry as a candidate to validate against observed DNS/HTTP traffic rather than as a confirmed C2):
tasty-drop.pro
kairosinternationalfl.com
moi-dolgi.online
kgsp.space
raceier.xyz
mulsion.xyz
eduedge24.com
conciergerietoulousaine.com
islandgirljewelz.com
landofmalbecwines.com
awesomeblossomsonline.com
dtellmebeatext.xyz
origensrio.com
organicmeditationmethod.com
viedelapin.net
petescustomdecals.com
la-verrerie.com
bluecupcoffee.com
univchip.com
jedicrm.com
gxj-f.com
kunstacademy.com
importedbykali.com
gjrgyp.com
eltukeke.com
lthcw.xyz
restener.com
toptrunkshop.com
wakscord.xyz
game5x.com
wan-24.com
jijijiav.com
ankaraotosarj.xyz
babazon.online
ptfe.parts
serviceus.xyz
whatword.online
polishedpages.xyz
margaretpruitt.com
program-productions-dev.net
atrial-fibrillation-hub.life
dcsekisigr.store
susanetkindphd.com
redwingsbaseball.site
muhammad-taufiq-hidayat.site
ishay512jug.com
purzel.xyz
bagathome.com
arptexascafe.com
kirurgoperu.online
xn--c79aw1ah5s06bd9nb83artb.net
thamiladhiran.com
avantmethod.com
writeyourretirementstory.life
whatsforfuckinglunch.com
hematpulsa.xyz
realestatelaurenc.com
weddingku.xyz
everestbuildinggroup.com
guauth.com
top-happiness.com
shopssmk.com
neatpapertotranslatetoday.info
adecamedios.com
air-conditioners-find.life
Targets
Target: FATURA HESABI.exe (the same file described under General; size 25KB, MD5/SHA1/SHA256/SHA512 as listed there)
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET) (2 alerts)
- Formbook Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext: setting the context of a thread in another process is the usual way to redirect execution into a suspended or hollowed process, so this is an injection indicator rather than benign API use.
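The two behaviours above (the registry country-code lookup and the check-in against the extracted domain list) are what an analyst would want to pull out of sandbox or EDR telemetry for this sample. The following is an added example, not tooling from the sandbox that produced this report: it parses constructed registry-read and DNS-query log lines (the line format, the process IDs and the events themselves are assumptions made for illustration), flags reads of HKCU\Control Panel\International\Geo\Nation (the value the geofence signature refers to), matches queried names against a subset of the domains from the config above, and reports which processes show both behaviours.

```python
"""Correlate sandbox-style registry and DNS events with the FormBook
indicators on this page.  Added example, not the sandbox's own code; the
log line format, PIDs and event lines are constructed for illustration."""
import re
from collections import defaultdict
from typing import Optional

# Subset of the domains extracted from the FormBook config above.  FormBook
# embeds decoy domains next to the live C2, so a hit here means "a candidate
# from the config was contacted", not "confirmed C2" on its own.
C2_CANDIDATES = {
    "tasty-drop.pro", "kairosinternationalfl.com", "moi-dolgi.online",
    "kgsp.space", "raceier.xyz", "mulsion.xyz", "eduedge24.com",
}

# Registry value behind the "Checks computer location settings" signature:
# HKCU\Control Panel\International\Geo\Nation holds the Windows GeoID of the
# configured location (e.g. 244 is the United States).
GEOFENCE_SUFFIXES = (r"control panel\international\geo\nation",)

# Constructed log line shape: "<KIND> pid=<n> key=value key=value ..."
EVENT_RE = re.compile(r"^(?P<kind>REG_READ|DNS_QUERY)\s+pid=(?P<pid>\d+)\s+(?P<rest>.*)$")
# key=value tokens; values may contain spaces (registry paths), so a value
# only ends before the next " key=" token or at end of line.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Optional[dict]:
    """Split one constructed log line into kind, pid and key/value fields."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("rest")))
    return {"kind": m.group("kind"), "pid": m.group("pid"), **fields}


def c2_candidate_for(name: str) -> Optional[str]:
    """Return the config domain that `name` equals or is a subdomain of."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in C2_CANDIDATES:
            return candidate
    return None


def is_geofence_lookup(path: str) -> bool:
    """True if a registry path ends in the Geo\\Nation country-code value."""
    return path.lower().endswith(GEOFENCE_SUFFIXES)


def analyze(lines: list) -> dict:
    """Return geofence lookups, config-domain DNS hits and PIDs showing both."""
    geofence, c2_hits = [], []
    by_pid = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["kind"] == "REG_READ" and is_geofence_lookup(ev.get("path", "")):
            geofence.append((ev["pid"], ev["path"], ev.get("value", "")))
            by_pid[ev["pid"]].add("geofence")
        elif ev["kind"] == "DNS_QUERY":
            hit = c2_candidate_for(ev.get("name", ""))
            if hit:
                c2_hits.append((ev["pid"], ev["name"], hit))
                by_pid[ev["pid"]].add("c2")
    both = sorted(p for p, tags in by_pid.items() if {"geofence", "c2"} <= tags)
    return {"geofence_lookups": geofence, "c2_hits": c2_hits, "pids_with_both": both}


# Constructed sample events (not taken from the report).
SAMPLE_EVENTS = [
    r"REG_READ pid=1234 path=HKCU\Control Panel\International\Geo\Nation value=244",
    r"REG_READ pid=1234 path=HKCU\Software\Microsoft\Windows\CurrentVersion\Run value=",
    "DNS_QUERY pid=1234 name=www.tasty-drop.pro.",
    "DNS_QUERY pid=1234 name=kgsp.space",
    "DNS_QUERY pid=1234 name=www.microsoft.com",
    "DNS_QUERY pid=9999 name=raceier.xyz",
]

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_EVENTS).items():
        print(key, value)
```

Only PID 1234 shows both the country-code read and a lookup of a config domain, which is the combination worth escalating; PID 9999 resolving raceier.xyz alone could just as well be a decoy domain hit from something unrelated, which is why the domain list is treated as candidates rather than a blocklist.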