General
Target: tmp
Size: 536KB
Sample: 220706-h3dr6sbhh6
MD5: 9e70e8a4f264cc5ef9c7cc2c0977ce7f
SHA1: 2fdade7cace270aacb774b1079c99f80110da9e1
SHA256: 712d9e2373914cd9231c6c55a5d919efa6df53194b2c06b03695501dde071760
SHA512: 278b3662e35ee839e197c218e22b32e3f9885b53004dbde163d3e86e91a6e6abbeff9afc4e444181c16b0e75d2b274639870bcafb7b43a9568c88116be66d0da
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
m56u
Targets
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext