General
Target: Slip7685 PDF.exe
Size: 885KB
Sample: 220706-shk1vsebaj
MD5: e7595c41f447a60a885835ea9c9b0aff
SHA1: 52ecba1bd35e3bdfc547a0f9c6c4459233cb695b
SHA256: fae9dc6b530bd5d7008f7bad75e8321b0ec59a2d1c66187df9351806ef20199a
SHA512: 8806fb3ad896e4d36569ef90b757c4487c2b3bfb63a2c97af7d5b9e9250f7906cefec06d5c84dfbc4500622476d1d9ab3986351dd6e08e80ee304e8cccfcf065
Static task: static1
Behavioral task: behavioral1
Sample: Slip7685 PDF.exe
Resource: win7-20220414-en
Malware Config
Extracted
formbook
4.1
rsea
Targets
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext