General
-
Target
MY0025007022.zip
-
Size
7KB
-
Sample
220725-knqvasbfbl
-
MD5
6e11f965f7dd2978919e2f4b46c1b389
-
SHA1
b0dd7731fe6721414ed1b9ad83a0b4faa066e57d
-
SHA256
4c3ef62fadfcb2add42105636653251735afa0c6de4ab4fd61287e35580d97e7
-
SHA512
d9441535bfec5144e3262eec502f8d90bed32175b7161d0c046714910b80942a828534c6a72ed3b111fbbbeb3acbc9eec0e39d7b91fc50e3a40fc940c6a6ab8d
Static task
static1
Behavioral task
behavioral1
Sample
MY0025007022.exe
Resource
win7-20220718-en
Malware Config
Extracted
formbook
4.1
fs44
whneat.com
jljcw.net
pocodelivery.com
outofplacezine.com
yavuzcansigorta.com
xinhewood-cn.com
cartogogh.com
5avis.com
joyceyong.art
digitalsurf.community
blackcreekbarns.com
magazinedistribuidor.com
sportsgross.com
drevom.online
mayibeofservice.com
gareloi-digit.com
permitha.net
renaissanceestetica.com
facts-r-friends.com
dach-loc.com
thezuki.xyz
cerradoforte.com
yunjin-band.com
soleirasun.com
stoneyinsideout.com
a-sprut.store
verdistar.com
hivingly.com
trywork.net
bvpropertymanagement.com
calibrationprofessionals.com
mpalmcoffee.com
polygons-stakes.site
themomerator.com
payrollserviceform.com
luyensex.club
elon-drop.net
bluechipblog.com
suaempresaemcasa.com
experimentalcircus.art
vietnamesecuisines.com
i4zlyv.com
b23q.xyz
quantumap.com
sana-poratal.site
eastcoastguardfl.com
maxwell-caspar.com
pontochavelocacoes.com
nitsmm.site
tiffanyrockdesign.com
dgmlsubscribers.com
cybericonsultancy.com
bankssy.com
cxitsolution.com
summerinthepark2022.com
chainadmere.com
quangdecalshop.com
winagency.net
motorworks.tech
huefa.club
mthoodviewlodge.com
bahisaltv79.com
codeforge.pro
dpd-gasplumbingandheating.com
echoesdesing.com
Targets
-
-
Target
MY0025007022.exe
-
Size
67KB
-
MD5
09d635e7fac13ca49037a27ffa10cdbf
-
SHA1
b12b7a877682838b5b1673ee4783bbf44eba4863
-
SHA256
b12c23f3cf0937291c634f1505ca5123dc08363dcc0f766ac029b1238cade11d
-
SHA512
f50052ccd601ef2830e0c1a5df7e4414249e55acc8aeef3a0eb1ca16f8d92da372ae25a94fc6a9deda85a812e01104f9000b429dc70cbcab0bc6fb46aaf12f85
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-