General

Target: fa23102e1c3eccaa2b9b057eea06a2df0b17ef40619d3ca2abce058acd2b34af
Size: 492KB
Sample: 220725-eh86ssdhdm
MD5: 689e439775144f74d2df34f0c2299295
SHA1: b11db9368698ff8e4fcc28a49bfc52fa70240ef3
SHA256: fa23102e1c3eccaa2b9b057eea06a2df0b17ef40619d3ca2abce058acd2b34af
SHA512: 7e6a14f0875bf98e277643d43d556f9a052e1d6e157505384380b7707773020617512904aecf113d4cea6866064309d202c3c139363fdeb09fcd4bbd0186d354

Static task: static1
Behavioral task: behavioral1
Sample: fa23102e1c3eccaa2b9b057eea06a2df0b17ef40619d3ca2abce058acd2b34af.exe
Resource: win7-20220715-en
Malware Config

Extracted
Family: formbook
Version: 3.9
Campaign: g30
Domains (FormBook configs list decoy domains alongside the live C2, so treat every entry below as an indicator rather than assuming each one is malicious infrastructure):
promacorpsac.com
auctionsupermarket.com
nooaerhandmadeshop.com
youngskreemz.com
xn--oy2b15k2qfbk.com
ethanlarsen.net
zq9eight.loan
kultamurun.com
sparkingtree.com
onlineavtomati-777.com
solrcluster.com
reviewz.site
xqcp9.com
demo90dreamearsi.net
1st-solutionsllc.com
wwwwnsr5577.com
bohniverse-edelstahl.com
mycorehabits.com
accu.cloud
hoci.ltd
nichesandnotions.com
jacejacksonrealty.com
ledstick.biz
zoj2z.info
tzlc05.com
sslc2018.com
rockwoodslingers.com
detoks-narkotykowy.com
braintreeadvertiser.net
bespokeplumber.com
tuozhanpeixunwang.com
xndingxindiandang.com
bloomberglauraanthony.com
nismoperformanceacademy.com
ashleycomeau.com
sh8fptkwwfdi.biz
200875.top
xn--ydso18l.com
yahan-energy.com
bicosbrasil.com
sivil-entertainment.com
trimservicerotterdam.com
ttibtgfarycx.site
1q4y6.info
poppy521.com
soongi.com
beatschinashop.com
xn--cckyc6bwa9gb1355nm0f.site
vertigomemo.win
ifyougiveamomavacation.com
xn--eqrp02bopv.com
witchhouse.faith
car2626.com
radlssonblu.com
thebestvitaminsupplements.com
mndotsrtsplanning.com
gregthurtle.com
diamondconnected.com
wienerwiener.com
fundwebs.com
handcraftedjewelsbyliz.com
radsk.com
osports9.com
devenirungenie.com
chilogae.com
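The domain list above is only useful once it is turned into something a sensor can match. The following is an added example, not part of the sandbox report or of any FormBook tooling: it parses a flattened config dump in the same layout as the "Extracted" block (family, version, campaign, then one domain per line), validates the entries, and emits one Suricata `dns.query` rule per domain. The text in `CONFIG_DUMP` is a constructed copy trimmed to four of the domains listed above; the sid base, message wording and classtype are assumptions.

```python
"""Turn a flattened FormBook config dump into Suricata DNS rules.

Added example for this report; not sandbox output and not FormBook tooling.
CONFIG_DUMP is a constructed copy of the "Malware Config / Extracted" block,
trimmed to four domains. The sid base and rule wording are assumptions.
"""
import re

# Constructed input: family, version and campaign as the report lists them,
# followed by a subset of the extracted domain list.
CONFIG_DUMP = """\
formbook
3.9
g30
promacorpsac.com
xn--oy2b15k2qfbk.com
zq9eight.loan
reviewz.site
"""

# Hostname shape check: dotted labels of letters/digits/hyphens, alphabetic TLD.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.IGNORECASE)


def parse_config(dump: str) -> dict:
    """Parse family/version/campaign and validate every domain line."""
    lines = [ln.strip() for ln in dump.splitlines() if ln.strip()]
    if len(lines) < 4:
        raise ValueError("expected family, version, campaign and at least one domain")
    family, version, campaign, *domains = lines
    bad = [d for d in domains if not DOMAIN_RE.match(d)]
    if bad:
        raise ValueError(f"malformed domain entries: {bad}")
    return {
        "family": family,
        "version": version,
        "campaign": campaign,
        # FormBook configs mix decoys with the live C2: keep every entry,
        # lowercased and de-duplicated while preserving the listed order.
        "domains": list(dict.fromkeys(d.lower() for d in domains)),
    }


def _escape_content(value: str) -> str:
    """Escape the characters Suricata treats specially inside content:"...";."""
    return (value.replace("\\", "\\\\").replace('"', '\\"')
                 .replace(";", "\\;").replace("|", "\\|"))


def suricata_dns_rules(config: dict, sid_base: int = 9_000_000) -> list[str]:
    """Emit one 'alert dns' rule per domain.

    bsize pins the query buffer to the domain's exact length, so the rule for
    promacorpsac.com does not also fire on evilpromacorpsac.com. Subdomain
    coverage (www.promacorpsac.com) would need a second rule matching
    ".promacorpsac.com" with endswith; it is left out here on purpose.
    """
    rules = []
    msg_prefix = f"{config['family']} {config['version']} campaign {config['campaign']}"
    for n, domain in enumerate(config["domains"]):
        sid = sid_base + n          # assumed private sid range; adjust to your allocation
        content = _escape_content(domain)
        rules.append(
            f'alert dns any any -> any any (msg:"{msg_prefix} C2/decoy domain {content}"; '
            f'dns.query; content:"{content}"; nocase; bsize:{len(domain)}; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for rule in suricata_dns_rules(parse_config(CONFIG_DUMP)):
        print(rule)
```

Swap the full 65-entry list from the report into `CONFIG_DUMP` to generate the complete set; expect noise from the decoy entries, which are ordinary registered domains, so these rules are better used for hunting and correlation with the CnC check-in signature than as blocking rules on their own.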
Targets

Target: fa23102e1c3eccaa2b9b057eea06a2df0b17ef40619d3ca2abce058acd2b34af
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook payload
- Adds Run key to start application (persistence through a Run registry key)
- Suspicious use of SetThreadContext (consistent with process injection or hollowing, which uses it to redirect a suspended thread to injected code)