General
- Target: Invoice#5800371 pdf.exe
- Size: 837KB
- Sample: 220706-j3vlcscdf4
- MD5: 328eaa1e53fdeba2a8d99f4a5f0385dd
- SHA1: 9da77711434bfe5eb4f26365513c7663da5e9885
- SHA256: 985bff9f5d8470baf0a3c5520eae6e8bb87a9761bd6c7ce41855c5c8cc0a58bc
- SHA512: 475be1e25abb8697952b5014ebfa6d5e26eb3f0d312739771f4f0f91819f55b3620dbeb76c3bb47a7febf17f8588232d4cecb25cc130f7437d1d810dd8b0586d
- Static task: static1
- Behavioral task: behavioral1
- Sample: Invoice#5800371 pdf.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: Invoice#5800371 pdf.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Xloader Payload
- Adds policy Run key to start application
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext