General
-
Target
Purchase order.exe
-
Size
884KB
-
Sample
220725-ewyl8aeeem
-
MD5
c0ca159ecfd86c426acfa99e7255f874
-
SHA1
1e8b2344a0252db75e9a106111e89d844639cb62
-
SHA256
aae89af9bf54cc3d9659631b9438942f192239e50eba6da7918ebced50c700c5
-
SHA512
353a5d40ff2df98fb9d0442bb18f04e8c0a61c58f21bbb8192605d82089810607483faa8a8fc863bfa5602bd7a547142112105de21ae48854de4699696ad06ab
Malware Config
Targets
-
-
Target
Purchase order.exe
-
Size
884KB
-
MD5
c0ca159ecfd86c426acfa99e7255f874
-
SHA1
1e8b2344a0252db75e9a106111e89d844639cb62
-
SHA256
aae89af9bf54cc3d9659631b9438942f192239e50eba6da7918ebced50c700c5
-
SHA512
353a5d40ff2df98fb9d0442bb18f04e8c0a61c58f21bbb8192605d82089810607483faa8a8fc863bfa5602bd7a547142112105de21ae48854de4699696ad06ab
Score10/10-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-