General
-
Target
tmp
-
Size
177KB
-
Sample
220725-hn9w3abadk
-
MD5
90f6fded7e723bec5f87d99310c4d6c7
-
SHA1
45a628682111c4d4e1fc1adcf86abb4f112f6f5a
-
SHA256
b17e291e0dde8310125a67358658010ed0f6ac6131d8bca2373343405c4e68d7
-
SHA512
fd1189d46eb87c61e6c51a3588aed67ff3029f8d59d86761aa8f72f21eaf479751a0fe5d7b984cbb5016f3cf0188a1bda9c3b354717305ed79a0f4f080634541
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220721-en
Malware Config
Targets
-
-
Target
tmp
-
Size
177KB
-
MD5
90f6fded7e723bec5f87d99310c4d6c7
-
SHA1
45a628682111c4d4e1fc1adcf86abb4f112f6f5a
-
SHA256
b17e291e0dde8310125a67358658010ed0f6ac6131d8bca2373343405c4e68d7
-
SHA512
fd1189d46eb87c61e6c51a3588aed67ff3029f8d59d86761aa8f72f21eaf479751a0fe5d7b984cbb5016f3cf0188a1bda9c3b354717305ed79a0f4f080634541
Score10/10-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-