General
Target: 0b576117983f942d005bd209239752290a0f97a9b0be5326f4f2d76c8ee416e0
Size: 1.0MB
Sample: 220707-tarzwabgc7
MD5: 4942c83e6f8149c8ee9765f3c2b27bc7
SHA1: caf483ee54b09acc8b18a298ba42283260906687
SHA256: 0b576117983f942d005bd209239752290a0f97a9b0be5326f4f2d76c8ee416e0
SHA512: 4033e41aa44513ad425f7e6f0256a28f0a15b7419e7adf45edca82baf5894a0819b57521e9366273ef333d7fdbc154482efa36a9a6e06dddbf7119ffa2485383
Static task: static1
Malware Config
Extracted
formbook
4.1
po23
Targets
Target: 0b576117983f942d005bd209239752290a0f97a9b0be5326f4f2d76c8ee416e0
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook payload
Suspicious use of SetThreadContext