General
- Target: pagamento.exe
- Size: 480KB
- Sample: 220725-k43tssbgdm
- MD5: 3a4002d3317631eeb1f881895c271133
- SHA1: 58d85737183dd1412346d998f9d9002d287f7fdc
- SHA256: c209e51fed2f08a97ab57e446aedeef9c5fe68f8a4945545d38409990ab99e99
- SHA512: abf2fa8a41a05fb536511ad028bc65cf87c661ae4e3be7eda6dedce9bbd168522f81cc501207b0fc5883d28b6a1c23389ef411426884366d2fe6e5c310cfb851
Static task: static1
Behavioral task: behavioral1
- Sample: pagamento.exe
- Resource: win7-20220715-en
Malware Config
Extracted
formbook
4.1
nt19
myryanhair.com
quadrants.site
uavhiring.com
amqzoqn.com
883996.xyz
ahwconsultinggroup.com
gdgsjl.com
eye-catcher.site
milestoninternet.com
1weekweightloss.com
donghwacos.com
betpipo31.com
novelty.mobi
vo3t1n1pt.com
pronodes.pro
satserdova.com
thekagaz.com
aisopus.com
nelsonwldwide.com
alberguedawebb.makeup
qhsjcn.com
zhuokuosm.com
decoratedpumpkins.com
saiyczx.com
peachbebe.com
ducatilastvegas.com
baicorsprayinsulation.com
whoisjohnmoney.com
osakakansaiexpo2025.com
saghiparhamdds.com
ngshddq.com
arenaofdeath.xyz
potosky.com
wicklesschrista.online
metaverseworkshop.online
ready4rishi.club
alakazam.wtf
247homebet.com
nobelpawtrait.com
gankotin.online
sucrearret.pro
juuwa777.com
1to1vision.com
sigmaformacao.com
roadday.sa.com
subngon98.online
textformattr.com
doiqualify.info
arinastepanova.site
marleybrat.website
tipiministries.com
recambiodeventanas.com
coldonafridaynight.info
nftproperties.info
rotate-mech.com
weareplanetprotectors.com
lastingketohealthtechdaily.com
accsforyou.com
reform-ookura.com
gottagetting.com
ragznmops.com
nikitasbarandbistro.com
famedhelium.online
nonurseleftbehind.net
holyfamilysports.com
Targets
- Target: pagamento.exe
- Size: 480KB
- MD5: 3a4002d3317631eeb1f881895c271133
- SHA1: 58d85737183dd1412346d998f9d9002d287f7fdc
- SHA256: c209e51fed2f08a97ab57e446aedeef9c5fe68f8a4945545d38409990ab99e99
- SHA512: abf2fa8a41a05fb536511ad028bc65cf87c661ae4e3be7eda6dedce9bbd168522f81cc501207b0fc5883d28b6a1c23389ef411426884366d2fe6e5c310cfb851
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook payload
- Suspicious use of SetThreadContext