General
Target: 5814e53e67e68d674db42f492fb1265b2fa65c70f31d706e38ef65b3bf3c8769
Size: 212KB
Sample: 220724-t1xytaahgp
MD5: 0d6ae9500984c013e717fac3aa020e0f
SHA1: d87df965c6ae2e75380d6752dc0030fc7b891a1d
SHA256: 5814e53e67e68d674db42f492fb1265b2fa65c70f31d706e38ef65b3bf3c8769
SHA512: e23dcd8c19590785409c789c47fb4a69e51dde2534f739a635b8b5b23f73705a42dbc6ef8dfaa336c1fad01d7355e4755717e5fba52f970fda5542356dd95dcf
Static task: static1
Behavioral task: behavioral1
Sample: 5814e53e67e68d674db42f492fb1265b2fa65c70f31d706e38ef65b3bf3c8769.exe
Resource: win7-20220718-en
Malware Config (extracted)
Family: formbook
Version: 3.8
Campaign: sh
Domains:
studiogoparty.com
furi-mold.com
cdicoun-tombola.info
elizabethlhall.com
nakayama-hanasai.com
9910pe.com
iraqbreakingnews.com
91fyy.com
intersafetyland.com
dddadditive.com
gewuan.net
ikwxanxb.click
shenghangdianzi.com
nuskinmemory.com
sonrel-julie.com
rapidlegalcenter.com
jcldsp.com
dibamoviez.net
sochuan66.com
platformoneclothing.com
vandenbergpol.com
farmagf.com
xn--sjq656oa.net
bostonrefinanceboard.com
dannymetal.email
rcnxg.info
miaoshahui.net
sianakuwait.com
soundsquaremusic.com
liputan66.com
office365esafety.group
bolababy.net
saltiestoftheearth.com
goculer.com
mindbodysoulfoodie.com
tamsueva.info
givingartgallery.com
onlinestore.ninja
sanftemassagen.com
lafourmibatisseuse.com
200767.top
christina-kenel.com
burocratastijuana.com
herosofharvey.com
libelle-le.com
zecstb.men
jxkysd.com
yejiajun.com
social123marketing.com
simplelifeorganic.com
tjkaizhen.com
estableg.info
cyrilportmann.com
ntstiffins.com
717385y.info
ellamcd.com
cnxt.social
iotaagriculture.com
frankpilates.net
flytart.com
watch-zone.tech
yigitay.net
bubbleshootgames.com
cosmiceggpack.com
drylipc.com
Targets
Target: 5814e53e67e68d674db42f492fb1265b2fa65c70f31d706e38ef65b3bf3c8769 (hashes as listed under General)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Formbook payload
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext