General
Target: Irrazvdr.exe
Size: 54KB
Sample: 220706-qp34xadbhq
MD5: cedb27004e2fbaf88af7850aaf5133b0
SHA1: 1ea8386b3a52bb32ae24f41ba0ef4f912eada74c
SHA256: 2cbb67b48b3162ce44c224d9230d58a4263e71a50ca82673477d2e14f7ae2087
SHA512: 3dd1a35ab8d59db4b933190906e9d039459c8d7e39849819d6ba9ac214f57f826bf6ab3342f132971b104016779035704efb1dd5e000af1419e83a0060a79521
Static task: static1
Behavioral task: behavioral1
Sample: Irrazvdr.exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook 4.1 ca27
Targets
Target: Irrazvdr.exe (54KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Adds Run key to start application
Suspicious use of SetThreadContext