General
-
Target
odeme.xl200.exe
-
Size
515KB
-
Sample
220706-teg1gaeefk
-
MD5
e57f53e16f57d9d28cb7c00e3e0c51f3
-
SHA1
abcd5179dd64504a12d4a854cde93826882e9b43
-
SHA256
06d8b2fecf78c785a15181b34a74859e87fcec54dd231b13ea9fe79983ba9a95
-
SHA512
f36b8425f5231d7e8bcc07617ab17bde7db27abcfb49a69e5238b1070b847d0f1acd70fcfd7b793ed80f6751481576e3c33ab3b1e5fadb387634e267b42b79b0
Static task
static1
Behavioral task
behavioral1
Sample
odeme.xl200.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
mh76
healthgovcalottery.net
wenxinliao.com
rooterphd.com
bbobbo.one
american-mes-de-dezembro.xyz
mintager.com
thespecialtstore.com
wemakegreenhomes.com
occurandmental.xyz
fidelityrealtytitle.com
numerisat.asia
wearestallions.com
supxl.com
rajacumi.com
renaziv.online
blixtindustries.com
fjljq.com
exploretrivenicamping.com
authenticusspa.com
uucloud.press
conclaveraleighapts.com
moqaq.com
graphicressie.com
homebest.online
yisaco.com
thedrybonesareawakening.com
browardhomeappraisal.com
xn--agroisleos-09a.com
clinchrecovery.com
rekoladev.com
mlbl1.xyz
tunecaring.com
avconstant.com
chelseavictorioustravels.com
esrfy.xyz
frijolitoswey.com
zsfsidltd.com
natashasadler.com
kice1.xyz
drivemytrains.xyz
shopalthosa.xyz
merendri.com
yetkiliveznem7.xyz
milestonesconstruction.com
apparodeoexpos.com
momotou.xyz
chatkhoneh.com
cacconsults.com
kigif-indonesia.com
segurambiental.com
verynicegirls.com
curearrow.com
fdupcoffee.com
theclevergolfers.com
moushimonster.com
qdchuangyedaikuan.com
hopefortodayrecovery.com
wk6agoboyxg6.xyz
giybetfm.com
completedn.xyz
eluawastudio.com
legacysportsusatexas.com
comgmaik.com
intelsearchtech.com
northpierangling.info
Targets
-
-
Target
odeme.xl200.exe
-
Size
515KB
-
MD5
e57f53e16f57d9d28cb7c00e3e0c51f3
-
SHA1
abcd5179dd64504a12d4a854cde93826882e9b43
-
SHA256
06d8b2fecf78c785a15181b34a74859e87fcec54dd231b13ea9fe79983ba9a95
-
SHA512
f36b8425f5231d7e8bcc07617ab17bde7db27abcfb49a69e5238b1070b847d0f1acd70fcfd7b793ed80f6751481576e3c33ab3b1e5fadb387634e267b42b79b0
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Suspicious use of SetThreadContext
-