General
- Target: cae8e977de32b6913c75f8ec8fb052b7fdb3bd293c7e2840df3afc2248e0e568
- Size: 293KB
- Sample: 220725-ct89tsbacn
- MD5: 6f1685cc2b2a642ae65783697ba6e983
- SHA1: 60cea5318393a8723f150e7fb9ad448489e955c7
- SHA256: cae8e977de32b6913c75f8ec8fb052b7fdb3bd293c7e2840df3afc2248e0e568
- SHA512: ddcd2f12e5fd098396787e067a52553ee4709f71c82ad5060a1304841d7498d459814bf104e362f563165f1a8919f9bf352c652adedbffc539618b2ff85ae5f3
Static task: static1
Behavioral task: behavioral1
- Sample: cae8e977de32b6913c75f8ec8fb052b7fdb3bd293c7e2840df3afc2248e0e568.exe
- Resource: win7-20220715-en
Malware Config
Extracted
formbook
3.8
sh
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Formbook payload
- Adds policy Run key to start application
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext