General

Target: QUOTATION PDF_SCAN_COPY.exe
Size: 523KB
Sample: 220131-llgdhsghfr
MD5: 5e9af5b2056e4da639a9459e3b36193c
SHA1: b779402e9a6ecbbef6b68817814991bbcade12df
SHA256: 35147128936c2e79548e5c0a2bbd70cd5a29c1b01dfa1ac2515fa5becb7efa6d
SHA512: 4f293bab428aeead9c4b0a411a9d0674bebd87cf89d92f2aa0b1ffc4d287d96b859365453f21040abc7b5dd4f452f52ed98661b8c16624d9915d4c40ecfe15ea

Static task: static1
Behavioral task: behavioral1
Sample: QUOTATION PDF_SCAN_COPY.exe
Resource: win7-en-20211208
Malware Config

Extracted: formbook
Version: 4.1
Campaign: n2t4
Targets

Target: QUOTATION PDF_SCAN_COPY.exe (523KB; hashes as listed under General)
Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext