General
- Target: Purchase Order.exe
- Size: 918KB
- Sample: 220711-kwkm9aaaa3
- MD5: dfb77ce7f7b49f520241aa2a747d9203
- SHA1: 304dd96dad67b02214ebd10198baacfb7428a08a
- SHA256: 3b2aed15298aa9110cc90c069742839fdc9ddb24f91a8269284a504a5ba1fb9c
- SHA512: 57fd6052c133843cc4e4d7878eed74a8eeb466da8923e62995aceb84788573c9088d48303d79cf36839751c5307ef2d00a8ec99d40ea9e5108f047be32d6563a
- Static task: static1
- Behavioral task: behavioral1
- Sample: Purchase Order.exe
- Resource: win7-20220414-en
Malware Config
- Extracted: formbook
- Version: 4.1
- ja38
Targets
- Target: Purchase Order.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook payload
- Deletes itself
- Suspicious use of SetThreadContext