General
Target: a0ea3e0e735b86e2d21e08fb984f7c4e4a1cfc18e5e88de9333dcf26c05f8114
Size: 241KB
Sample: 220724-2mfflsbeam
MD5: 94ba088ab7928fa21e55de87a44dcd40
SHA1: 793e343853260fee403bb7d5b0b39b4b3023fb6e
SHA256: a0ea3e0e735b86e2d21e08fb984f7c4e4a1cfc18e5e88de9333dcf26c05f8114
SHA512: 03ea85d83e691aad0da4baa5ce5ee58fb663153667b85b5670afa12df70db9ffd2a675124a6e4e7a6a3b2b20514d9210cbe9a154e2fbfab25d781dc15cf499d0
Static task: static1
Behavioral task: behavioral1
Sample: a0ea3e0e735b86e2d21e08fb984f7c4e4a1cfc18e5e88de9333dcf26c05f8114.exe
Resource: win7-20220715-en
Malware Config
Extracted
Family: formbook
Version: 3.9
Campaign: ph
Domains (FormBook configs carry one live C2 among decoy domains, and the report does not mark which is which):
teacuppugpuppies4sale.com
yongjiaboli.com
lenislastlament.com
eco-sustainableheritage.com
vladimir.international
solutionsdelivsource.com
masara.info
farmsforgood.com
cdma1xcard.com
jinzhuoweiyu.com
motiv8.life
betterbuyme.com
amentilife.com
myfinalgreetings.com
businessstepbystep.com
lordsofclubs.com
667vuk.info
ctl.expert
wwwyinhe908.com
fucai5785.com
milkyblack.com
morrisareachildcare.com
jordeche.com
healthyproduction.com
hylaind.com
programma-2000.com
1864brackenville.com
anissatess.com
qq96688.com
1362567.com
atlhomebuilder.com
multifunctionality.men
maarisphotography.com
yodineed.world
valstoev.com
hentaiss.com
rawyaalgerie.com
dssmk.com
polesie-drzwi.com
crimegist.com
cosmeticgroups.com
i782.com
harpreplacementonline.com
tongdaifb24h.com
xulymoitruonguytin.com
affydrones.com
executivetravelerclub.com
greenacresminisanctuary.com
masculinityisgood.com
dawnknights.net
chinkon.net
alskadig.com
eqopark.com
gohandyvergleichesok.live
healthyskratch.com
pegottes.com
www406871.com
communalconnection.net
artevoque.com
chashmogoosh.com
bestfoodsmegamart.com
food-delivery-osusume.com
ncwevent.com
citillage.net
flycoz.com
Targets
Target: a0ea3e0e735b86e2d21e08fb984f7c4e4a1cfc18e5e88de9333dcf26c05f8114
Size: 241KB
MD5: 94ba088ab7928fa21e55de87a44dcd40
SHA1: 793e343853260fee403bb7d5b0b39b4b3023fb6e
SHA256: a0ea3e0e735b86e2d21e08fb984f7c4e4a1cfc18e5e88de9333dcf26c05f8114
SHA512: 03ea85d83e691aad0da4baa5ce5ee58fb663153667b85b5670afa12df70db9ffd2a675124a6e4e7a6a3b2b20514d9210cbe9a154e2fbfab25d781dc15cf499d0
Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook payload
Adds policy Run key to start application
Adds Run key to start application
Suspicious use of SetThreadContext
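The verdicts above say what the sample did in the sandbox, not how to look for the same behaviour on a host. The Python below is an added example, not part of the sandbox report and not FormBook or Triage tooling: it turns the extracted domain list and the two Run-key signatures into checks over Sysmon-style registry (EventID 13) and DNS (EventID 22) events. The event lines are constructed to resemble Sysmon output; the Image paths and value names in them are invented. Two caveats the report does not spell out: the "policy Run key" is HKCU/HKLM\...\CurrentVersion\Policies\Explorer\Run, which many Run-key rules overlook, and FormBook configs of this generation list one live C2 among decoy domains without marking which, so a DNS hit on any of them is a hunting lead rather than proof of infection on its own.

```python
import re

# Domains copied from the "Malware Config" section of the report above,
# used here purely as a hunting list (65 entries).
FORMBOOK_DOMAINS = frozenset("""
teacuppugpuppies4sale.com yongjiaboli.com lenislastlament.com eco-sustainableheritage.com vladimir.international
solutionsdelivsource.com masara.info farmsforgood.com cdma1xcard.com jinzhuoweiyu.com
motiv8.life betterbuyme.com amentilife.com myfinalgreetings.com businessstepbystep.com
lordsofclubs.com 667vuk.info ctl.expert wwwyinhe908.com fucai5785.com
milkyblack.com morrisareachildcare.com jordeche.com healthyproduction.com hylaind.com
programma-2000.com 1864brackenville.com anissatess.com qq96688.com 1362567.com
atlhomebuilder.com multifunctionality.men maarisphotography.com yodineed.world valstoev.com
hentaiss.com rawyaalgerie.com dssmk.com polesie-drzwi.com crimegist.com
cosmeticgroups.com i782.com harpreplacementonline.com tongdaifb24h.com xulymoitruonguytin.com
affydrones.com executivetravelerclub.com greenacresminisanctuary.com masculinityisgood.com dawnknights.net
chinkon.net alskadig.com eqopark.com gohandyvergleichesok.live healthyskratch.com
pegottes.com www406871.com communalconnection.net artevoque.com chashmogoosh.com
bestfoodsmegamart.com food-delivery-osusume.com ncwevent.com citillage.net flycoz.com
""".split())

# The two persistence locations behind the "Adds ... Run key" verdicts.
# RunOnce and Explorer\RunMRU are deliberately not matched: the report
# names the Run key and the policy Run key, nothing else.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\"
    r"(?P<kind>Policies\\Explorer\\Run|Run)\\",
    re.IGNORECASE,
)

# "Key=value" pairs separated by whitespace; a value may itself contain
# spaces (e.g. "C:\Program Files\...") as long as it does not look like "Key=".
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    """Parse one constructed Sysmon-style line into a dict of fields."""
    return dict(FIELD_RE.findall(line))


def classify_registry_event(target_object):
    """Return 'policy_run', 'run', or None for a registry value path."""
    m = RUN_KEY_RE.search(target_object)
    if not m:
        return None
    return "policy_run" if m.group("kind").lower().startswith("policies") else "run"


def matching_config_domains(dns_queries, domains=FORMBOOK_DOMAINS):
    """Return (query, config_domain) pairs for names equal to or under a config domain."""
    hits = []
    for q in dns_queries:
        name = q.lower().rstrip(".")  # tolerate a trailing dot and mixed case
        for d in domains:
            if name == d or name.endswith("." + d):
                hits.append((q, d))
                break
    return hits


def triage(lines, domains=FORMBOOK_DOMAINS):
    """Apply both checks to event lines; returns (finding, image, detail) tuples."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") == "13":  # registry value set
            kind = classify_registry_event(ev.get("TargetObject", ""))
            if kind:
                findings.append((kind, ev.get("Image"), ev["TargetObject"]))
        elif ev.get("EventID") == "22":  # DNS query
            for _, d in matching_config_domains([ev.get("QueryName", "")], domains):
                findings.append(("formbook_config_domain", ev.get("Image"), d))
    return findings


# Constructed Sysmon-style lines (EventID 13 = registry value set, 22 = DNS query).
# Image paths and value names are invented for the example.
SAMPLE_EVENTS = [
    r"EventID=13 Image=C:\Users\victim\AppData\Roaming\upd\svc.exe TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
    r"EventID=13 Image=C:\Users\victim\AppData\Roaming\upd\svc.exe TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svc",
    r"EventID=13 Image=C:\Windows\explorer.exe TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a",
    r"EventID=13 Image=C:\Windows\System32\msiexec.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cleanup",
    r"EventID=22 Image=C:\Users\victim\AppData\Roaming\upd\svc.exe QueryName=www.flycoz.com",
    r"EventID=22 Image=C:\Program Files\Browser\browser.exe QueryName=example.org",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events this reports the Run key write, the Policies\Explorer\Run write and the DNS query under flycoz.com, and stays quiet on the RunMRU and RunOnce lookalikes. Matching subdomains (endswith) matters because a config lists bare registrable domains while real queries usually carry a www or other label.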