General
- Target: 57cb79ff37edcbacd2f4d7aabe5835099a75ee078107b0b00efdb41906d3a1b6
- Size: 305KB
- Sample: 220724-yq59naegbn
- MD5: 843485dbff12620fb58532fab189a3fe
- SHA1: fb6287c7bd9cfd01481430c14f4e9c2ed4d1fd65
- SHA256: 57cb79ff37edcbacd2f4d7aabe5835099a75ee078107b0b00efdb41906d3a1b6
- SHA512: a582cd5c679d65e5997a2e1f899ece3a5f6834ba4d4c24ca36cb877e3275cff86d8b7aeb223014e845ee326a5e491425f1519fa67e6fa4fba5344d14605c7f00
Static task: static1
Behavioral task: behavioral1
- Sample: 57cb79ff37edcbacd2f4d7aabe5835099a75ee078107b0b00efdb41906d3a1b6.exe
- Resource: win7-20220715-en
Malware Config
Extracted
formbook
3.8
hx227
lapizapps.com
heitoping.com
pthelperspositivev.win
gmxpic.com
valuecodeliving.com
kredit-hilfe-gesucht.com
totalwebservices.online
impressionscarpetcleaning.net
cqpsds.info
1q2fiveafter.men
campbellpropertiesuk.com
avalon.loans
bankcardssite.market
connqa.com
luludallas.com
acessoitaucard.net
ad-concier.com
blrsi.com
zecrypto.com
com-services-secure-id.info
umniy-dom.info
grande-pleasures.com
batsonmedia.com
altcointrend.com
of-the-family.business
plasmapentraining.com
karladith.com
akshaykumar.club
xiranshangwu.com
alkalmiruhabolt.com
rimc5zq0u.com
tecnologiabig.com
wealthexposandiego.com
faismoiuneoffre.com
javi.today
yhtzlc.com
svc.group
uptownbiscayne.net
princegeorgebcgiftbaskets.com
ciraexport.online
wreckingballuk.com
brick-machine-equipment.com
thebeachheights.com
bombshellfitnessandflavor.com
edifyfoundation.com
btcandres.com
equalscan9558.win
thebarecampaign.com
lyrthz.men
rothschild.science
laberdesque.com
walktofinancialfreedom.com
magna5global.cloud
tv17364.info
rongjinyin.com
dodino.rocks
casadoscelulares.com
largeformatwines.com
iversonrand.com
allyfayefit.com
insurance4vanhire.com
village-place.com
imjwsv.men
xlzitv.men
khamattqy.com
Targets
- Target: 57cb79ff37edcbacd2f4d7aabe5835099a75ee078107b0b00efdb41906d3a1b6
- Size: 305KB
- MD5: 843485dbff12620fb58532fab189a3fe
- SHA1: fb6287c7bd9cfd01481430c14f4e9c2ed4d1fd65
- SHA256: 57cb79ff37edcbacd2f4d7aabe5835099a75ee078107b0b00efdb41906d3a1b6
- SHA512: a582cd5c679d65e5997a2e1f899ece3a5f6834ba4d4c24ca36cb877e3275cff86d8b7aeb223014e845ee326a5e491425f1519fa67e6fa4fba5344d14605c7f00
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook payload
- Adds policy Run key to start application
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext