General
Target: order.zip
Size: 32KB
Sample: 220706-h5hh5scaa9
MD5: 9992551cdbb80e7df0252109131e5dc7
SHA1: efd404fb7dc626272b841f4fb4ff36958467b825
SHA256: 0ae244dbfc247ee7c25cd07a9e339e542c20960f6568e02e8cf581acda0cdd5f
SHA512: 8ba276a5a8da546a859dbbc72c87f49ff894e087afc0be2b63144507c8b7d24f7130631e1b027dc0f7aba521dc1fb793f13c0e5cbba41bc09956958b48837858
Static task: static1
Behavioral task: behavioral1
Sample: order.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
fs44
Targets
Target: order.exe
Size: 121KB
MD5: ba0a02061fb326c69a925c6ed28a363a
SHA1: e7e668017328b7ceb7bb1f81a5ea048f990d971f
SHA256: aeb2dd004a580971a25e3408e2fc4cc08535bd2a84b0300d763dddace11c6400
SHA512: 1000bb2afe9b15632002f64e9c5eab0f2ce66a868df1303d6a4a9fc5bedbd60b13f94faece4fc3faf23fc9e241c893ba1b3c3ebe7f8738bf472e37debe1c7a65
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext