General
Target: Draft BL_SITINSV045627G_FDONS2108005.exe
Size: 615KB
Sample: 220707-kbqnrsahe7
MD5: e42ad53a0214d4cc02087734b6f98579
SHA1: 9b92beb48c524d52038adf4cce7f3f88b0c79cfe
SHA256: 62b5f6f6f6c927d64b44c87c8897e3fb082b214b046dcad4a0f1a8080f4a28ed
SHA512: e86cdc87fb6e09f5cec405369481c360ed6fc8f2893d61903e7270883997bbb7330a8d8eb100924b2fd0b253cc4f02d55a4087462d79248f5de609a265ffb19e
Static task: static1
Behavioral task: behavioral1
Sample: Draft BL_SITINSV045627G_FDONS2108005.exe
Resource: win7-20220414-en
Malware Config (extracted)
Family: formbook
Version: 4.1
Campaign: df48
Domains:
tinder.pw
flowersfoodsbrands.net
broadbandbangalore.com
wittyhealthy.com
mediking.online
pounchbowl.com
gridkart.com
mobrtho.com
starlinerecruitment.com
ernieswinesandliquors.com
dsbvgf.com
messiahbaptist.church
sumsandals.com
familieheineken.online
fikifika.com
beg.wtf
euroconsult.net
radiologist24.com
fuji-privatevilla.com
flemming.store
simplymanaged.rentals
pnsrjp.com
platinumedicaladmin.com
walleti.tech
sayingcoxy.com
flowersfooods.net
forekshesabiolustur.com
wesvon.online
symphonycontest.com
startup-int.com
xn--evgvenliksistemleri-79b.com
thevirtualghost.com
bjjdating.com
gaff.pet
xenoinvest.com
manpowernews.net
psychedelicexpertshop.com
blackrockf.com
seacliffdogwalking.com
bapakmu21.com
bldgops.com
finestbrieftoperceivetoday.info
trizzle.xyz
youeve.com
hikachika.com
utahprabrasileiros.com
dwez.net
hotelpatasycolas.com
trapanibedbreakfast.com
customerchoicehomes.com
openup.design
muwilp.com
digitslot777.net
torrestreet.com
lowerrates.site
shema.pro
musicbylionel.com
mixasia.net
rupting.com
idol-d.com
fbinternettrackingettlement.com
vernonriverchurch.net
kaseybabe.com
dowupkeep.com
bmtd.net
Targets
Target: Draft BL_SITINSV045627G_FDONS2108005.exe
Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext