General
Target: ec87daf51bd380ba12d450602cd86a60
Size: 288KB
Sample: 220704-h2qekshce6
MD5: ec87daf51bd380ba12d450602cd86a60
SHA1: 9ec5382f211483649dd7ab44db4e9ef70497f792
SHA256: 74c6ec17b7e893a4cc45327088df9b6b1f5174173368622f0ba7f5760fd74943
SHA512: 71824f58b8cfa211959398bdcd7e104c863544d8e282a454630ab053b549f4afb4454bac3f344ee3ed571d1b1f5978a70edfb9b4b95e2e8a8c0ac00847ef3532
Static task: static1
Behavioral task: behavioral1
Sample: MT103-203674982.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign ID: m56u
C2 / decoy domains (FormBook embeds one live C2 among a list of decoy domains; the live one cannot be told apart from the config alone, so every entry below should be treated as an IOC):
tercantiq.com
fortvillechicken.net
spiritsandtheb.com
alliant-inc.biz
yh1902.com
xiaodewenhua.net
cityjobs.xyz
seniorlivingwisconsin.com
piadagrilla.com
truistfinancebank.online
nft-fashionlover.com
hangmandownload.com
chun888.xyz
lemonviral.com
getagrip.network
daniellepinnock.info
chiswickstudios.com
essayservicee.com
bharatpragatifoundation.com
800vn.com
leslieskraftboutique.com
massimusdescanso.com
bastadidiabete.com
tufkase.com
fifyx.xyz
xn--hausarzt-lneburg-szb.com
healthcarecheap.com
minshangjt.com
therapistorangecounty.com
thehappyfinn.com
cannalytics-test.com
thejunglees.com
hotel-tuerkiye.com
80at39.com
elsiemckellar.com
jia-he.net
www-kerassentials.com
sang-pakar.xyz
bivirtual.com
ventul.online
mikateknik.xyz
comparazionequote.net
suffolkpolefitness.com
395136.com
kui88.xyz
keohps.com
laketarponresort.com
betaal.fyi
ekascollection.com
rawreporter.com
regionhere.xyz
theartistknownaskayla.com
bobbihub.com
ezviz.xyz
kiffiybeauty.com
mocthaotay.com
glacies-financial.com
altamahalife.com
jodeeluna.com
familylabsummit.com
oufsfaooqp.com
famaciaonlineveterinaria.com
jadooresurfb.info
yansonlineshop.com
pielearn.com
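The domain list above is the raw extracted config. The following added example (not part of the sandbox report) shows how to turn it into a DNS-log check: it normalizes the domains and the queried names (lower-case, trailing dot removed, Unicode labels converted to punycode so a query for hausarzt-lüneburg.com matches the xn-- entry in the config) and matches on exact name or subdomain. The log lines and their BIND-style format are constructed for the example, and only a subset of the report's domains is embedded; the near-miss query for kerassentials.com is included to show that the www-kerassentials.com entry (hyphen, not a dot) does not match the legitimate brand domain.

```python
"""Scan DNS query logs for the FormBook 4.1 (campaign m56u) domains extracted in
this report.  Added example, not sandbox output: the log lines are constructed,
and only a subset of the report's domain list is embedded here."""
import re
from typing import Optional

# Subset of the C2/decoy domains listed under "Malware Config" above.
FORMBOOK_DOMAINS = [
    "tercantiq.com",
    "fortvillechicken.net",
    "cityjobs.xyz",
    "xn--hausarzt-lneburg-szb.com",   # IDN: hausarzt-lüneburg.com
    "www-kerassentials.com",          # hyphen, not a dot: not a subdomain of kerassentials.com
    "betaal.fyi",
]

# BIND-style query log line (format constructed for this example).
QUERY_RE = re.compile(r"client (?P<client>\S+?)#\d+: query: (?P<qname>\S+) IN ")


def normalize(host: str) -> str:
    """Lower-case, strip the trailing dot, and convert Unicode labels to punycode
    so that 'hausarzt-lüneburg.com' compares equal to the xn-- form in the config."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:  # malformed label; keep the raw name rather than crash the scan
        return host


def build_index(domains) -> set:
    """Normalized set of IOC domains for O(1) suffix lookups."""
    return {normalize(d) for d in domains}


def match_domain(qname: str, index: set) -> Optional[str]:
    """Return the IOC domain that qname equals or is a subdomain of, else None.
    Walking the label suffixes means 'www.cityjobs.xyz' hits 'cityjobs.xyz', while
    'kerassentials.com' does not hit 'www-kerassentials.com' (different label)."""
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):
        suffix = ".".join(labels[i:])
        if suffix in index:
            return suffix
    return None


def scan_log(lines, index: set):
    """Return a list of (client, qname, ioc) for every query that matches the index."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        ioc = match_domain(m.group("qname"), index)
        if ioc:
            hits.append((m.group("client"), m.group("qname"), ioc))
    return hits


# Constructed sample log: a subdomain hit, an IDN hit, a lookalike near-miss,
# an upper-case query with a trailing dot, and a benign query.
SAMPLE_LOG = [
    "client 10.0.0.5#51234: query: www.cityjobs.xyz IN A + (10.0.0.1)",
    "client 10.0.0.5#51235: query: hausarzt-lüneburg.com IN A + (10.0.0.1)",
    "client 10.0.0.9#40001: query: kerassentials.com IN A + (10.0.0.1)",
    "client 10.0.0.9#40002: query: BETAAL.FYI. IN AAAA + (10.0.0.1)",
    "client 10.0.0.7#40003: query: example.com IN A + (10.0.0.1)",
]

if __name__ == "__main__":
    for client, qname, ioc in scan_log(SAMPLE_LOG, build_index(FORMBOOK_DOMAINS)):
        print(f"{client} queried {qname} -> FormBook m56u domain {ioc}")
```

Because FormBook only ever contacts one of the listed domains, a single hit on any entry is already a strong signal; the decoys in the list never resolve legitimately from a normal host, so false positives come mainly from lookalike entries, which the label-wise suffix match above is designed not to over-match.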
Targets
Target: MT103-203674982.exe
Size: 247KB
MD5: 400ff0ca3ab2676f072aea68870ef70d
SHA1: dfd2f2443fd103089be9ab9f6fe651399b3d19f4
SHA256: 7a605579f572e0ca0067f031db05ceec4f0445a09aae0a57bc36b14e5874d734
SHA512: a441c8e2b7aaf60a46a95077d4296888cc0bebc694e0fefb7501bab664d2fe5a81de8ec703b66df61372dfc3a09d8d918ed9ee952dbb558181a88f535b8d329b
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext (rewriting another thread's context, the technique used for process hollowing and similar injection)