General

Target: 56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00
Size: 624KB
Sample: 220725-bpvefahaer
MD5: 0c67efeca56fee9e1978a87161db87ad
SHA1: e54fa09cd9d897b8490de36033488c8c99687f82
SHA256: 56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00
SHA512: 3fb9dee3f078c28d8cf5f288a26e136b6a3f7664bec2b33d1f6835c367511a1e0cb1830318461d5003182c7fee3b3c5f64e54769db2d3c4b4fef591e5b3d3a95
Static task: static1
Behavioral task: behavioral1
  Sample: 56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: 56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00.exe
  Resource: win10v2004-20220721-en
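Before pivoting on anything in this report, confirm that the file you are holding is the analysed sample. The following is an added example, not part of the sandbox output: it recomputes all four digests listed above in one pass and compares them to the report's values. The on-disk path is an assumption supplied on the command line; the expected values are copied from the report.

```python
import hashlib
import io

# Digests copied from the report's "General" block for the 624KB sample.
REPORT_DIGESTS = {
    "md5": "0c67efeca56fee9e1978a87161db87ad",
    "sha1": "e54fa09cd9d897b8490de36033488c8c99687f82",
    "sha256": "56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00",
    "sha512": (
        "3fb9dee3f078c28d8cf5f288a26e136b6a3f7664bec2b33d1f6835c367511a1e"
        "0cb1830318461d5003182c7fee3b3c5f64e54769db2d3c4b4fef591e5b3d3a95"
    ),
}


def digest_stream(fh, chunk_size=1 << 20):
    """Compute md5/sha1/sha256/sha512 of a binary stream in a single pass.

    One read, four hashers: a large sample is not re-read once per
    algorithm. Returns {algorithm: lowercase hex digest}.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    while True:
        chunk = fh.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Same as digest_stream, for data already in memory."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def compare_digests(actual, expected):
    """Per-algorithm, case-insensitive comparison; a missing algorithm counts as a mismatch."""
    return {
        name: actual.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def verify_sample(path, expected=REPORT_DIGESTS):
    """Return (all_match, per_algorithm) for the file at `path`.

    Any single mismatch means the file on disk is not the analysed sample
    (a dropped copy, a repacked build, a truncated download), and the
    behaviour in this report must not be attributed to it.
    """
    per_algo = compare_digests(digest_file(path), expected)
    return all(per_algo.values()), per_algo


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <path-to-sample>   (the path is an assumption)
    ok, detail = verify_sample(sys.argv[1])
    for name, matched in detail.items():
        print(f"{name:6s} {'OK' if matched else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```

Comparing all four digests rather than only SHA256 also catches a report that was copied by hand with one value wrong, which is a common way an IOC list goes stale.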
Malware Config

Extracted
Family: formbook
Version: 3.8
Campaign: et
Decoy domains (FormBook beacons to its real C2 alongside a random subset of these, so most entries are legitimate sites; do not block or attribute on this list alone):
filmeedt06.com
getbrave.net
tdshome.com
audioteck.net
eplogovi.com
verywedding.net
biqiba.com
learnandunderstand.science
jsgxcxae.com
9aop4k.link
laceycphotography.com
ldbberendsenreading.com
life365coaching.com
ambercampbell.photography
activeliberal.win
tupelocounseling.com
finovice.com
fantatressette.com
sojah.store
qhdljj.com
xiheifa.com
yourbostonrefinance.com
cyqunli.com
columbusvivint.info
foroozanmaqz.com
andipalmer.com
sif.tips
beautagram.com
k2qbed.com
thelovellcompany.com
oldladywithabrush.com
sinasmart.net
anaduquepereira.com
tzhmc.net
kemachine.com
550280.top
evalife.info
marlboro-sports.com
kalayab.download
shaoerjia.com
eatpes.net
immersive-journey.com
maybrooktaxiandlimo.info
studiodennis.com
step-reach.com
ru4dating.com
sdyy168.com
ihatelocates.net
ioce55.com
americatourbus.info
myethervvalett.com
tipshots.com
ggpc-co.com
shakethecow.com
dayfiler.com
wanggh.com
ingenuity.degree
onsitepsy.com
tamarindo.agency
xn--u9j234u82q.com
desert-snow-niigata.com
genericviagraonlinevxp.com
mm3xx.com
3dbusinessmodel.com
aamyz87.info
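The extracted list is useful for hunting only if the decoy caveat is built into the tooling: a host resolving one of these names is a lead to triage, not a confirmed infection, and the Suricata check-in signature on the HTTP GET is the stronger indicator. The block below is an added example, not part of the report or of any FormBook tooling. It normalises the domains (including the punycode entry `xn--u9j234u82q.com`, shown in Unicode for display and kept in wire form for matching), then checks resolver log lines for exact and subdomain matches. The domain subset is taken from the list above; the log format and log lines are constructed.

```python
# Subset of the decoy domains from the extracted config (copied from the report).
CONFIG_DOMAINS = [
    "filmeedt06.com",
    "getbrave.net",
    "tdshome.com",
    "audioteck.net",
    "xn--u9j234u82q.com",
    "genericviagraonlinevxp.com",
]

# Constructed resolver log lines: "<timestamp> <client-ip> <query-name>".
SAMPLE_LOG = [
    "2022-07-25T10:01:02Z 10.0.0.15 www.getbrave.net",
    "2022-07-25T10:01:05Z 10.0.0.15 update.microsoft.com",
    "2022-07-25T10:01:09Z 10.0.0.21 AUDIOTECK.NET.",
    "2022-07-25T10:01:11Z 10.0.0.21 notgetbrave.net",
]


def normalize(host):
    """Lower-case and strip the trailing dot that resolver logs often keep."""
    return host.strip().lower().rstrip(".")


def display_form(domain):
    """Unicode form of an IDN (xn--) domain for analyst display.

    Falls back to the ASCII form if the punycode does not decode cleanly;
    matching always uses the wire form, never this.
    """
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def ascii_form(domain):
    """Wire (punycode) form of a domain; ASCII input is returned unchanged."""
    return domain.encode("idna").decode("ascii")


def matching_domain(qname, domains):
    """Return the config domain that `qname` equals or is a subdomain of, else None.

    The "." prefix check stops `notgetbrave.net` from matching `getbrave.net`.
    """
    qname = normalize(qname)
    for domain in domains:
        domain = normalize(ascii_form(domain))
        if qname == domain or qname.endswith("." + domain):
            return domain
    return None


def scan_dns_log(lines, domains=CONFIG_DOMAINS):
    """Return [(client_ip, queried_name, matched_config_domain)] for every hit."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line: skip rather than abort the hunt
        _timestamp, client, qname = fields[:3]
        matched = matching_domain(qname, domains)
        if matched is not None:
            hits.append((client, normalize(qname), matched))
    return hits


def clients_to_triage(hits):
    """Distinct client IPs with at least one hit, for host-level follow-up."""
    return sorted({client for client, _qname, _domain in hits})
```

A hit on one of the 65 names should be escalated by checking the same host for the Run-key persistence and the HTTP check-in listed under the signatures, not by treating the DNS match as proof on its own.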
Targets

Target: 56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00
Size: 624KB
MD5: 0c67efeca56fee9e1978a87161db87ad
SHA1: e54fa09cd9d897b8490de36033488c8c99687f82
SHA256: 56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00
SHA512: 3fb9dee3f078c28d8cf5f288a26e136b6a3f7664bec2b33d1f6835c367511a1e0cb1830318461d5003182c7fee3b3c5f64e54769db2d3c4b4fef591e5b3d3a95
Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook payload
- Adds policy Run key to start application
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
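Two of the signatures above are registry persistence: the classic `HKCU\Software\Microsoft\Windows\CurrentVersion\Run` value, and the less common `...\CurrentVersion\Policies\Explorer\Run` value, which Explorer also honours at logon but which few legitimate installers touch. The SetThreadContext signature is the usual footprint of process hollowing and cannot be reproduced offline, so the added example below covers only the registry side. It is not part of the report: it classifies Sysmon-style registry value-set events (Event ID 13) into the two persistence kinds and ranks an autostart entry higher when its target lives in a user-writable directory, which is where a dropped executable ends up. The event shape, SID, paths and value names are all constructed.

```python
import re

# Value writes directly under the two autostart keys the signatures name.
# Either hive, with or without Wow6432Node; RunOnce and subkeys are deliberately excluded.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$",
    re.IGNORECASE,
)
POLICY_RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Policies\\Explorer\\Run\\[^\\]+$",
    re.IGNORECASE,
)
# Locations an unprivileged process can write to; an autostart entry pointing
# here is far more suspicious than one pointing into Program Files or System32.
USER_WRITABLE_RE = re.compile(
    r"^[A-Za-z]:\\(?:Users\\[^\\]+\\AppData|Users\\Public|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE,
)

# Constructed Sysmon-style registry value-set events (Event ID 13). Nothing here is from the sample.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Roaming\Updater\Updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r'"C:\Users\victim\AppData\Roaming\Updater\Updater.exe"'},
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Local\Temp\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svc",
     "Details": r"C:\Users\victim\AppData\Local\Temp\svchost.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\system32\SecurityHealthSystray.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example\DisplayName",
     "Details": "Example 1.0"},
]


def _command_path(details):
    """First token of a command line, with surrounding quotes removed."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ", 1)[0]


def classify_registry_write(event):
    """Map one value-set event to a persistence finding, or None if it is not an autostart write."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    if POLICY_RUN_KEY_RE.search(target):
        kind = "policy_run_key"
    elif RUN_KEY_RE.search(target):
        kind = "run_key"
    else:
        return None
    command = _command_path(event.get("Details", ""))
    return {
        "kind": kind,
        "hive": target.split("\\", 1)[0],
        "value_name": target.rsplit("\\", 1)[-1],
        "command": command,
        "user_writable_target": bool(USER_WRITABLE_RE.search(command)),
        "writer": event.get("Image", ""),
    }


def triage_events(events):
    """Findings for every autostart write, most suspicious first."""
    findings = [f for f in (classify_registry_write(e) for e in events) if f]
    # Policy Run key first (rare in legitimate software), then user-writable targets.
    findings.sort(key=lambda f: (f["kind"] != "policy_run_key", not f["user_writable_target"]))
    return findings
```

The `writer` field matters for the SetThreadContext signature: when the process that sets the Run value is not the process whose path the value points at, or is a hollowed system binary, the injection and the persistence belong to the same chain.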