General
Target: 6f111b596da1ac7d71c4362b18309648
Size: 214KB
Sample: 220505-gnk29sfcd5
MD5: 6f111b596da1ac7d71c4362b18309648
SHA1: e09f8065342a4c8664148bec4b0d9265e7e5842a
SHA256: 285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96
SHA512: f3e1c725d4c0916a4856af17e272791f056595399e9970c58a4156fbd262e761b50b511cc422e41becfa86493f6248480f855df6718eeaac904d53e1ec8f1e88
Static task: static1
Behavioral task: behavioral1
Sample: 6f111b596da1ac7d71c4362b18309648.exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook 4.1 m0d4
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext