General
Target: 5987fe9f952269fd60745e05998f3640516bfc8bd4a882db60683f423a2a94e8
Size: 305KB
Sample: 220724-d74ryadhem
MD5: ffa3fb48a339894ea095d4daf804011c
SHA1: 1d9466444dad77922aec5a800fef77b83b715c18
SHA256: 5987fe9f952269fd60745e05998f3640516bfc8bd4a882db60683f423a2a94e8
SHA512: 6327a1b44a08446a6d21a5357d833187fc575bbf570f3e324c27f8545a2f458c4fa057b88b1a0dae5fcfee0c9852f94615b011fdb5341afaab6dcde55e6bc05e
Static task: static1
Behavioral task: behavioral1
Sample: 5987fe9f952269fd60745e05998f3640516bfc8bd4a882db60683f423a2a94e8.exe
Resource: win7-20220718-en
Malware Config
Extracted
formbook
3.8
hx237
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook payload
- Adds policy Run key to start application
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext