General
-
Target
PO-07-2022-00062.zip
-
Size
39KB
-
Sample
220725-hn73gabadj
-
MD5
94b759dafed20cfaa1b8aed076cbddae
-
SHA1
ca7518857868b1102db757dbc83628c3d16e6b67
-
SHA256
772c92cb2ef2e880b4c55e4a953b9792223125792be9981ee69b8bfafe0e2867
-
SHA512
b7ffc3a3cdd8909fe017479ee694c4e0c4529421773ae22c15ea97868b4edd058656a26dd648e54e204c2bcb069522aaf16873c3d053942bc9b91b1e587dc3e3
Static task
static1
Behavioral task
behavioral1
Sample
PO-07-2022-00062.exe
Resource
win7-20220715-en
Malware Config
Extracted
formbook
4.1
fs44
Targets
-
-
Target
PO-07-2022-00062.exe
-
Size
121KB
-
MD5
6e242c54644dc4865f452c83922063f1
-
SHA1
9e691a93f17e8b4a0a871892889663a3c2c32572
-
SHA256
3f97bf9bdfc07c39df433605eda1cfdc6617e4142e8a49f182f547fa25243c62
-
SHA512
b8b1fe1ab7b56fb2cea4c98d45e2cd3cccd200be9ded583cf356c3592dc225a4a560a064ce6e2ea4f97a6566ebd254b6e2a1f6344bf19f14d6580e2359c03d82
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-